There are two stories in the news that you might have heard about recently. The first is about how hackers may have stolen millions of electronic medical records. The second is that President Obama wants all medical records to be electronic in the next 5-10 years.
What are people saying about health insurance electronic medical record security?
As you can imagine, these two stories are combining to form "All your medical information will be stolen" stories. Putting aside the fact that the hackers may be lying about stealing the medical records, I thought I'd talk about the relationship between these two events and what I, as a programmer in the healthcare industry, think about it.
First of all, when implemented properly, electronic information is generally more secure that paper files. It's harder to "hack" into a well designed system to steal records than it is to break into a hospital and steal all the files. Also, electronic data can be encrypted so that even if a hacker does get their hands on the information, they won't be able to read it.
When you hear stories about credit card or social security numbers being stolen from a server, it's almost always the case that either the system they were being stored on was at fault (which can easily be prevented) or it was an inside job (which can also happen with physical records). What I'm saying is, assuming we implement this system correctly, there's nothing to worry about.
But I am worrying all the same. I know a few doctors and it sounds like the technology hospitals use for administrative work is poorly designed and outdated. If Obama expects these hospitals to be entirely digital in the next 5 years, chances are good that they will try to patch their existing systems rather than building from the ground up. This could lead to a real mess. Adding new functionality to old, broken systems doesn't normally work very well.
In the mid-90s, the IRS began upgrading their antiquated IT infrastructure which was designed in the 60s. The result was one of the most embarrassing technology failures in the history of computers. Like many computer science students, I studied this as an example of what not to do. The moral of the story was that at some point, a system becomes so broken that you are better off rebuilding it from scratch rather than trying to fix each and every problem individually.
I could see this happening if we're not careful. Apparently each hospital will be eligible for up to $11 million in reimbursements in return for being an early adopter of electronic medical records. If this money is used properly, the country will be in a much better place in 5 years. If the money is squandered on patching problems rather than rebuilding, it wouldn't surprise me if we see a few more cases of identity theft via stolen medical records.