Today I published an interview with Peter Neupert about the HealthVault initiative announced today. The most thoughtful commentary I’ve seen comes not from TechMeme but rather from the always thoughtful Lauren Weinstein who writes:
The most serious problem is that once medical data is in a centralized environment, there are essentially no limits to who can come along with a court order (or in the case of the government, as we know, secret orders or illegal demands that can’t usually be resisted) for access to that data. Service providers typically have no choice but to comply. The only way to prevent this is for the data to be encrypted in such a way that even the service provider cannot access it without your permission, even with a court order staring them in the face. As far as I know, none of the systems currently in development or deployment take that approach to encryption — but I’d love to have someone inform me that such techniques would be used. That would change the equation considerably.
Agreed. That’s precisely the kind of system I want, and that I would pay for. But I don’t think many folks realize what translucency is, or why they might want to pay for services that work that way. So I see the advertising-supported model as a sensible first step. And I hope that Microsoft’s HealthVault and Google’s forthcoming competitor will, among other things, help create a market for translucent medical records.
Jon
I completely agree. I am glad Google has not done anything yet, and my feeling is that the data ownership issue is a key reason why.
Jon
web technology alone cannot solve distributed health records.
Their is a tension between privacy and the emergency need to know that is entirely social and cannot be solved by encryption and biometrics or http.
Plus
From: http://www.openehr.org/getting_started/t_openehr_primer.htm
Health Information Systems today suffer from a number of key problems:
* lack of interoperability and vendor (M$?) lock-in;
* cost and difficulty of maintenance, given the rate of change and sheer size of the information in the health domain;
* lack of support for security, privacy and consent.
“web technology alone cannot solve distributed health records”
Of course not.
“There is a tension between privacy and the emergency need to know that is entirely social and cannot be solved by encryption and biometrics or http.”
Agreed. We are going to have to tread carefully through a thicket of incredibly thorny issues, and we’re not going to emerge unscathed.
But unless you believe we should not go there at all — and I don’t — we need to take some first steps. This is an important first step.
The risk of court orders (etc) demanding access to data, that Lauren Weinstein refers to has a name: “compelled disclosure”. Useful for literature searches.
NCBI:
http://www.ncbi.nlm.nih.gov/sites/entrez?term=compelled%20disclosure
If the health information began its life on my personal computer (as the patient or potential patient), and I were able to securely encrypt that information (although, would *any* encryption be secure enough?) on my personal computer, and then upload that encryped information to the “centralized vault,” would that be a workable starting point?
Of course the information would require my participation to de-encrypt it (not so great for an emergency-room scenario), but might otherwise be sensible?
“would that be a workable starting point?”
The fascinating and difficult challenge of translucency is: Which data are left in the clear to enable search, and which data are hidden until post-search decryption?
Or, as per Jeff Jonas’ work on ANNA (http://jeffjonas.typepad.com/jeff_jonas/2007/02/to_anonymize_or.html, http://jeffjonas.typepad.com/jeff_jonas/2006/03/advanced_analyt.html), which search- and match-enabling data are normalized, hashed, and then only ever revealed by compelled disclosure?
I enjoyed listening to this cast.
I followed this cast up with Mike Platt’s interview on ArCast http://channel9.msdn.com/ShowPost.aspx?PostID=172624 Mike commented on the troubles with Halestorm and Passport being that people were not so willing to submit their private information to be stored at Microsoft. I immediately thought of HealthVault and now I have to listen to this show again to see if Peter covered that angle.
Google HUC(R) and look at Kleinke letter page 33 of 35
Действительно интерестно.
Спасибочки! Буду теперь заходить на этот блог почаще!
Хорошо пишете. Я бы конечно некоторые моменты оспорила, ну да ладно.