Mar 24 2010

Deborah Peel: “Your Medical Records Aren’t Secure”

Published by at 8:22 am under AHLTA, Health IT, patient safety, VistA

Here is a Wall St. Journal op-ed piece by Deborah Peel arguing that our medical records aren’t secure.

I did a video interview with her a while back:

She was watching a video I had posted earlier by Esther Dyson, who explained her reasoning about having her personal genome and medical records published openly:

These are two very intelligent, accomplished women, for both of whom I have great respect. It’s striking to see how diametrically opposed they are on the issue of patient privacy.

I stand somewhere in the middle between these two positions. The #1 thing to do, I think, is to reduce or eliminate the harm that can follow from someone obtaining medical information: reducing the damage an exposure can do lowers the cost of securing the information. This is not possible for all information, but we can do a lot to make this better.

I also take exception to Deborah’s use of “security” as if it were an absolute go/no-go term. All security is a tradeoff between risk and reward. It is more a matter of how much someone is willing to pay to get the information. Security raises the cost of getting the information, but to have absolute security we would have to shut down all access.

The other issue I think is relevant is that computer-based security systems can track who accesses the information, so there can be an audit trail that John Smith accessed Mary Jones’ record. With paper-based systems, John Smith can copy the record on a copy machine, slip it into his pocket, and walk out completely undetected.

I designed the information security systems for both the VA’s VistA and DoD’s CHCS systems, and defended the architecture to visitors in black suits, sunglasses and no names from unnamed agencies in the DC area – something out of a B-grade movie. These systems have been operational for over 20 years now, supporting about 10% of US hospital information. To my knowledge, all privacy leaks have been from legitimate users leaking the data manually. I have not heard of any electronic attacks to get the data.
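To make the audit-trail point above concrete, here is an added example (not code from the original post or from VistA/CHCS): a small review script over an access audit log that surfaces exactly the case the two paragraphs describe, a legitimate, logged-in user reading a patient’s record with no documented care relationship. The log format, user names, patient ids and care-team table are all constructed for illustration.

```python
# Added example (not from the original post): review an access audit log of
# the kind described above and flag accesses by logged-in users who have no
# documented care relationship with the patient. All data is constructed.
from collections import defaultdict

# Constructed sample audit log: timestamp, user, patient record id, action.
AUDIT_LOG = """\
2010-03-24T08:01:12 jsmith P1001 VIEW
2010-03-24T08:03:40 jsmith P1002 VIEW
2010-03-24T08:05:02 rlee   P1001 VIEW
2010-03-24T08:07:55 jsmith P1003 PRINT
2010-03-24T08:09:10 jsmith P1004 VIEW
2010-03-24T08:11:31 tng    P1004 VIEW
"""

# Constructed care-team assignments: patients each user is expected to treat.
CARE_TEAM = {
    "jsmith": {"P1001", "P1002"},
    "rlee": {"P1001"},
    "tng": {"P1004"},
}

def parse_audit_log(text):
    """Parse whitespace-separated audit lines into dicts, skipping malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, patient, action = parts
        events.append({"ts": ts, "user": user, "patient": patient, "action": action})
    return events

def flag_unassigned_access(events, care_team):
    """Events whose user is not on the patient's care team: the login was
    legitimate, but the treatment relationship that justifies it is missing."""
    return [e for e in events if e["patient"] not in care_team.get(e["user"], set())]

def distinct_patients_per_user(events):
    """Distinct records each user touched; a sudden spike merits a second look."""
    seen = defaultdict(set)
    for e in events:
        seen[e["user"]].add(e["patient"])
    return {user: len(patients) for user, patients in seen.items()}

if __name__ == "__main__":
    evs = parse_audit_log(AUDIT_LOG)
    for e in flag_unassigned_access(evs, CARE_TEAM):
        print(f"{e['ts']}: {e['user']} {e['action']} on {e['patient']} without a care relationship")
    print(distinct_patients_per_user(evs))
```

On the constructed log this flags the two jsmith accesses to P1003 and P1004; a paper chart copied on a photocopier leaves no equivalent record to review.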

This might change, but at the moment, I think that the security risks are a people problem, not just a computer problem. The way forward, I think, is to mediate access to the medical record by a person-specific system. We need to have a personally controlled health record, something that I’ve been advocating for 15 years now.

Here are some comments Esther Dyson sent me after I posted this entry:

I wouldn’t say we are diametrically opposed. I published my *own* records, not other people’s…. I understand there are reasons many people want to keep them private, and they should have that right (and ability). At the same time, I think it’s more important to fix the system so that having your records leak out isn’t financially dangerous, even though it may still cause people genuine harm as a breach of privacy. (That will also reduce the incentive to use the records except as they apply to celebrities.)

So… I think we should have good security. I think people should be able to decide for themselves what happens to their records. I do not think loss of privacy is the worst harm that could happen to someone… but people who disagree should be able to act on that belief. However, people who are willing to take that risk will benefit not only themselves – better support and treatment – but also others, when their data is used (under conditions they consent to, understanding that security is not perfect) as the basis for medical research.



Creative Commons License
Images by Tom Munnecke is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.