Blue Cross & Blue Shield of Massachusettes is leading a coalition that will spend about $50 million that will allow for the creation of a medical records system in three communities. This will cover about 2,000 physicians, hospitals, pharmacies, and potentially nursing homes and community health centers. The goal is to reduce the number of medical errors by allowing physicians to log into a central database containing all of a patients medical records. This is an alternative to keeping patient records on paper in filing cabinets.

With any new advance in technology and information sharing where the data has such a high level of sensitivity attached to it, privacy concerns are abundant. First, I am skeptical of the system when the primary investors are insurance companies. It seems that the insurance companies have a vested interest in consolidating all of a patients records into one location. Personally, and as a researcher, this concerns me because I don’t think that insurance companies should have access to such a database. Although I don’t see where it is explicitly stated that they would have access to the database, it seems very possible that this is one of their goals. Additionally, I am concerned about so many people having such easy and transparent access to my data. The possibility of pharmacist or nurse looking up a neighbor or potential boyfriend in the database seems all too likely.

The adoption of such a system can undoubtedly bring forth advances in medical treatment and research, but at what cost to personal privacy? I urge everyone to consider the value of their medical history and the medical history of their friends, family, and community as an alternative to blindly accepting this new system.

Read more about the medical records database here.

The following excerpt is from an article at timesreporter.com: A review of the various effects the Health Insurance Portability and Accountability Act (HIPAA) has had on the medical industry and patients. While patients appreciate the stronger privacy protection, the medical community has found that compliance with the new law can interfere with patient care.

Personally, I can relate to these findings. A few months ago, a good friend of mine had a heart attack and was hospitalized for several days. I was visiting him on the 3rd day of his hospital stay when a hospital administrator approached him. She asked him several HIPAA related questions and asked him to sign various wavers. For example: Can the hospital disclose his personal information to friends and family members? Or, Can the doctors discuss his medical treatments and condition with family members and friends? Now, keep in mind that he had been on morphine and various other drugs since he was admitted and just finished an angioplasty procedure at this point in time. While I thought it was terribly inappropriate to ask him these questions while he was in no way cognisant enough to make such a decision, I asked myself when would be an appropriate time? Should they stop treating his pain long enough to let him sign the HIPAA wavers? Would that be humane? How else would he reach an informed decision? And where does the line for protection of personal privacy become unrealistic and/or ridiculous?

As a privacy and security researcher, I cannot agree with the hospitals actions in this matter. I realize that there will be continued resistance, compromises, and inconvenience in the pursuit of protecting our individual privacy; but if we don’t persist, we surely cannot progress.

The following quote is an excerpt from a recent news article:

The U.S. House of representatives will vote soon to crack down on spyware that hides in users computers and secretly monitors their activities. According to Microsoft, spyware was responsible for one-third of all computer crashes last year.

I have been a victim of spyware; and as a network administrator, I have dealt with numerous infected personal computers (PC). Spyware, in itís seemingly innumerable forms, has been responsible for PCs running sluggishly, the clandestine monitoring of activities, and complete system crashes. However, it is difficult to determine which is more alarming: the effects of spyware or the steadily increasing infection rates. As a researcher, I am interested in investigating the etiology behind both of these phenomena. While I believe that enacting new legislation is an appropriate step, I wager that it will prove insufficient to inhibit the increase in spyware activity. Furthermore, as I am firm believer that people value their privacy, I foresee a great deal of research and effort being dedicated to addressing this spyware assault.

For more information on this spyware legislation see: House Could Vote on Spyware Next Week