Case’s Revolution Raises Privacy Questions

“Just because I’m paranoid doesn’t mean they aren’t out to get me.”

A few days ago I blogged about Steve Case (late of AOL and Time Warner) and his new healthcare “Revolution.” I offered my cautious optimism about some of his pro-active approach to improving our dysfunctional American health care system, but commented that some aspects raise privacy questions. Specifically, I’m quite uncomfortable with their online personal health record storage plans.

And THAT incited comments! And, not surprisingly, one comment came from other online record storage businesses. The basic tenor to the comment (read it — you’ll see) is that patients will benefit by easy access, and we can’t stop this train from running downhill.

And you know what? He is right. I know this. But it doesn’t mean I’m comfortable with it, NOR does it mean I think any form of online personal health record keeping is a good idea — yet. Here’s why.

My concerns revolve around hacking, and the theft of information. In 2007, electronic records are being kept in many localities, and at many facilities already, and are accessible only by the personnel involved in handling an individual’s visits to a doctor or facility. They are not accessible by patients, and they are “closed” systems. There are plenty of benefits to this type of storage, and they continue to grow in scope. I’m not familiar with how privacy issues are handled, but they do raise concerns, of course.

Case’s program, and the commentor’s program, involve patients keeping their own records online. These are the systems that make me more nervous, because there are no standards, and because too many people are not savvy enough to be cautious enough about what they store online. They are fertile ground for hackers who want to steal information: health insurance information, in particular, makes it easy to grab someone’s social security information.

And that leads to medical identity theft.

Medical identity theft is not unlike financial identity theft where someone steals your credit card numbers or social security number, then your financial identity, running up bills in your name and making your life miserable. It can take you months or years to sort it out, wreaking havoc with your credit and your future ability to get loans, purchase a home or car or other items. Because it’s such a difficult situation to overcome, you can now get a rider on your homeowner’s insurance to pay for reclaiming your own credit identity.

But credit identity theft may pale in comparison to medical identity theft — at least at its extreme. If someone wants to steal your medical identity, it usually begins when they use your health insurance. Once they do that, then their medical records may infiltrate YOUR medical records. And that can create all kinds of problems. At its extreme, it could kill you. Bear with me here….

Suppose the thief steals your health insurance information, then sees a doctor somewhere within the same locality or health system you participate in. That would mean that his records could then get mixed up with yours. Consider just a fraction of the possibilities from that. Maybe his blood type gets recorded, and its not the same as yours. Maybe he has HIV or AIDs. Maybe he has an STD. Now, the next time you visit a doctor within the same system, the doctor reviews your records and thinks these are YOUR problems.

An extreme? You get hurt in an accident, or have surgery, and need a blood transfusion, and the wrong type of blood gets transfused. Yes. It could kill you.

Honestly, I’m not trying to alarmist. I’m just pointing out that keeping records online has far-reaching ramifications that need to be considered by us patients before we buy in. It’s simply a cautionary tale. I am fully aware of some of the benefits of keeping records online, too. I’ve blogged before about the benefits, including access from anywhere, access in the case of someone who may be in a coma, and access in the extreme cases of paper-based record destruction such as Katrina.

And as you know, I always go back to my paranoi – er – um – my assertion that American health care is not about health, or care. It’s about sickness and money. And these companies that want us to keep our records online — they are all about the money so far. I can’t blame them. Profits are a good thing.

But for us patients, I say, tread cautiously. I don’t know of any way of assessing how un-hackable those servers that will store your records are. I don’t know of any way you can check your medical records to make sure they are yours (a la credit bureaus.) If the idea of storing your records online is appealing to you, then leave out any personally identifying information — at least for now.

Your life may depend on it.

Want more tools for sharp patients?
Sign up for Every Patient’s Advocate once-a-week or so email tips.
Trisha Torrey
Scroll to Top