Thursday, October 30, 2008

Surveillance On the Average Joe: Another Blow To Patient Confidence In Electronic Medical Records?

In 2006 I'd commented on Healthcare Renewal about the Wall Street Journal story "Spread of Records Stirs Patient Fears of Privacy Erosion", by Theo Francis, published Dec. 26, 2006.

As I wrote at "Another Electronic Medical Record Horror Story"
here, a patient, Patricia Galvin, was betrayed after medical information she thought was confidential about her psychotherapy was divulged to an insurance company.

I also penned a Letter to the Editor at the WSJ, published on Dec. 30, 2006 (viewable here as published, second letter from top; and as submitted, in the blog post above). I had noted that:


In the UK, the ambitious Connecting for Health (CfH) national EMR project and plans for a central clinical database have been met with stiff resistance from patient advocacy groups. Plans to upload medical records onto the central clinical database will put patient confidentiality at risk, the UK [1] . Professor Ross Anderson, Professor of Security Engineering at Cambridge University and one of the founder members of privacy advocacy group http://TheBigOptOut.org made the telling point that people should opt out of inclusion in the national database, if only to wait and see if their government delivers the ‘protections’ that it is promising - and if it does, to see if they are sufficient and effective [2]

[1]
“CfH report confirms confidentiality risk,” The Register, Nov. 27, 2006, http://www.theregister.co.uk/2006/11/27/care_record_conf/

[2] http://www.nhsconfidentiality.org/?p=37


The issues of 2008 U.S. politics aside, I believe another blow to patient confidence in EHR has just occurred, I'm afraid:


Agency Head Defends "Joe" Searches
Columbus Dispatch
Oct. 30, 2008

A state agency has revealed that its checks of computer systems for potential information on "Joe the Plumber" were more extensive than it first acknowledged .

Helen Jones-Kelley, director of the Ohio Department of Job and Family Services, disclosed yesterday that computer inquiries on Samuel Joseph Wurzelbacher were not restricted to a child-support system.

The agency also checked Wurzelbacher in its computer systems to determine whether he was receiving welfare assistance or owed unemployment compensation taxes, she wrote.

Jones-Kelley made the revelations in a letter to Ohio Senate President Bill M. Harris, R-Ashland, who demanded answers on why state officials checked out Wurzelbacher.

Harris called the multiple records checks "questionable" and said he awaits more answers. "It's kind of like Big Brother is looking in your pocket," he said.

If state employees run checks on every person listed in newspaper stories as buying a business, "it must take a lot of people a lot of time to run these checks," he said. "Where do you draw the line?"

The checks were run after the news media reported that Wurzelbacher was considering buying a plumbing business with more than $250,000 in annual income, Jones-Kelley wrote.

... Jones-Kelley wrote the checks were "well-meaning" ...

Apparently a statement was made by Ohio officials that this type of checking was done on anyone who "comes into public attention" or words to that effect.

Ohio Senate President Bill M. Harris sought answers on why state officials checked out Wurzelbacher. Harris called the multiple records checks "questionable" and said he awaits more answers. "It's kind of like Big Brother is looking in your pocket," he said.

I would agree with that assessment.

I believe nearly every U.S. citizen who's awake and conscious has heard of this by now, and very many people abroad are aware of this as well.

This raises several key questions.

  • How will this event and others that come to light affect confidence in EHR privacy and confidentiality by the "average Joe" who might fear intimate details might be divulged about them if they are shown on the evening news regarding something controversial or in the newspaper? (For example, did someone check my background after my WSJ editorial above was published?)
  • Of what use are "guarantees of medical records privacy" if government officials themselves decide that they are justified for whatever reason and "well meaning" in peeking at a person's records - especially for reasons as dubious as in the Wurzelbacher example?
  • Were medical records breached in Mr. Wurzelbacher's case? Although I am unaware of any evidence of this, I would place the likelihood at "very concerning" considering what is already known.

I believe this incident may have serious repercussions upon patient confidence in electronic record privacy, with a resultant harder time in diffusing this technology for clinical care and research.

I, for one, already feel less confident in my assertions that EHR data, especially data in governmental systems, is "safe."

-- SS