The End of Medical Privacy

Dr. Matthew Edlund, MD, MOH

What you can do—for now—to protect yourself.

Posted July 18, 2011

By Dr. Matthew Edlund, MD, MOH

Mark Zuckerberg has declared that privacy is dead. Though he’s done his bit to achieve that state, he’s right.

And he’s about to become ever more correct.

Americans should view the recent hacking information scandals in Britain with alarm, because the same problems are now here—or will be. If the Queen and the Prime Minister can have their phones hacked, their financial records stolen, and impersonators calling the bank to find out the nitty-gritty of their most private transactions, what about the rest of us? Will our relative unimportance protect us?

Fat chance. Consider these items and ask yourself about whether personal privacy really exists:

Criminal records—even if legally expunged or extinguished, they still live forever on the web—every traffic ticket and youthful discretion.

Credit cards—much of the information is now uploaded, and only a click away for many retailers, insurers, and others.

Facebook—please check who actually owns the information you put on social networking sites—and then decide whether your information is any way private. As NPR noted in an excellent series any time you answer a quiz you have opened an application that could be used to obtain all your supposedly “private” information.

Databases—unknown to you, much of your private history is available for a fee to anyone who wants it—and without provenance of where they got it. For example, my prescribing information has been sold by pharmacies for years to pharmaceutical companies, who know exactly how much I’ve prescribed of any drug better than I do. Materials like Social Security numbers and educational records are available, generally at low cost.

Location—cell phones now tringulate where you are often to within a matter of meters. Add to that constant surveillance the closed circuit TVs sprouting everywhere, the information available through internet, appliances, and door entry devices, and the statement “we know where you are” is real. Even if you have no idea where your kid is tonight, someone else does.

And there’s a new wrinkle—digital iris scans. Once it’s in the database, walk down a street and someone else, generally in the police, will by camera alone know who you are—and where you are.

So is there any privacy left? We hold our medical records as among the most private parts of our lives.

Well, folks, it’s time to face the future.

The End of Medical Privacy

One of the more damaging revelations of the depredations of Rupert Murdoch’s British based news empire was the realization that even the Prime Minister’s family medical records were fair game. In 2006 the Browns had a son diagnosed with cystic fibrosis. Within months, thanks to the Sun, that was public knowledge, even though the PM thought his family and doctors were the only ones to know.

Now prepare yourself for the new Electronic Health Record (EHR).

EHRs are supposed to lead to a revolution in American medicine, with greater efficiencies and abilities to use common data for the common good.

Someday they might do that. In the meantime, however, prepare for anyone with the cash or interest to find out whatever secrets are buried in your records.

So far, the advantages of American EHRs have not been demonstrated except for electronic prescribing. Some hospitals with new EHRs have faced major revolts, as staff have found extra hours of work added to each day to input data—much of which is inaccurate and not personalizable, as it is expressed in protocolized form. I know of such hospital revolts in Connecticut and Florida, but the real fun will not occur until the main event—2014.

That’s when records become mandatory and nationwide.

In countries where EHRs tend to work, there are relatively few information systems (often only one) and regulated national rules on how they work. The US will instead be a free for all, with hundreds of different “competing” systems all trying to get in on the act.

Will they speak well together? Will they coalesce? Will they be able to work in concert?

If present practice is any guide, the future will see a very rough ride.

The costs will be astronomical as government estimates physicians will need to fork over $45,000-$60,000 each to connect private systems to local hospitals and databases. That many of these “connections” will not work, and will not work together, appears to be no barrier to demanding health providers spend a fortune to create them.

From a privacy standpoint, the results will be greater chaos—and more opportunity for anyone—your banker, your former girlfriend or boyfriend, your new special pal at work—to find out some of the most private stuff in the world—about you.

It will just be too easy—a few clicks away. Access will be through hundreds of thousands of people. A little knowledge of how to obtain passwords, and it will all be there to see.

Just think what your business rivals can do with that information; or even people who do not seemingly wish you no good.

What You Can Do To Protect Yourself

As I pointed out in an article on errors in EHRs, your ability to correct the systems will be finite. However, you might try:

• Carrying with you your own medical records—in a form you think correct. A flash drive can be stolen but a single printed sheet of your history—the part you want doctors to know—can prove invaluable in all new medical encounters—especially unwanted emergencies when you are out of town.
• Asking your medical practitioners what kind of information security their systems have—at least make them think about the issues. There is a possibility that some kinds of records can be kept private—if hospitals, insurance companies, or other family members are not involved.
• Supporting legislation that can track—and quickly punish—people who go after your most private information.

The Net will continue to make more information accessible. However, it also makes available who obtains and copies that information. That information can itself act as a major deterrent to those who want to know what they should not.

Dr. Matthew Edlund, M.D., M.O.H., is an internationally recognized expert on rest, sleep, and body clocks. His books include The Body Clock Advantage, Designed to Last, and Psychological Time and Mental Illness. His new book, The Power of Rest, shows that rest is a skill that rebuilds, renews, and rewires mind and body, and can increase productivity, health, and pleasure. For more information, visit his website, TheRestDoctor.com. You can also subscribe to his new Fitcast via the iTunes Store.