I applaud Steve Findlay and Alison Rein for framing the issue of information technology and privacy so well. I fear, however, that the problems we in the U.S. face are both formidable and systemic.
It's not just the Health Insurance Portability and Accountability Act of 1996 that's problematic; it's the entire healthcare payment system that HIPAA seeks to both manage and placate.
The U.K.'s National Programme for Information Technology, an ambitious effort to create a national health record for England, is instructive. The architects of this project understand the issues of privacy and public trust, and have proposed an architecture that will meet the requirements.
But public response and the concerns raised still put the future of the project
As is so often the case, it all comes down to trust: Do you trust (insert organization name here) to keep your information private? In the U.K., the organization in question is the government itself and its agency, the National Health Service. In the U.S., it's a patchwork quilt of public/private, not-for-profit/for-profit organizations, and the principal body of legislation intended to protect us is HIPAA.
This act mandates privacy protections but grants an enormous and much-abused exception for "healthcare operations," whatever that means. In practice, the payers have enormous clout, and "healthcare operations" are pretty much whatever they want them to be.
So, to trust that our medical records will be kept private, we must trust the U.S. insurance industry. This won't be an easy sell.
Bill Clark
Certified information systems security professional
Security and privacy systems architect
Shelburne, Vt.