Medical Device Daily

Whether anyone, or any publication, other than Medial Device Daily, will mark it or not, the year 2006 may well be considered a point in time when a variety of events served to delay by several years – though, hopefully, not totally obliterating – the possibility of developing a nationwide, portable, electronic health record (EHR) system in the United States.

Such a system must rest, very essentially, on the assurance of privacy – that details of a person's health and treatment will be kept from the prying eyes of those who might use that information in an inappropriate and illegal manner, such as to deny or abrogate employment or employment benefits, to deny or withhold insurance benefits, to use in civil or criminal legal action, or to use in a variety of uncounted ways yet to be known or defined.

But key events of year 2006 can only put into the minds of the public that a national EHR system cannot be safely secured from unwanted eyes, whether official, semi-official or simply the multitude of hacker geeks out for miscellaneous mischief.

This past month the Veterans Administration (VA; Washington) reported (rather tardily, it might be noted) that one of its employees carried home a laptop loaded with mega-amounts of mega-bytes of information concerning millions of clients of the VA and that this data was then stolen from the staffer's home.

Significantly, the wording of the VA's acknowledgment of this did not indicate that the carrying away of this information was a terribly sophisticated operation, such as the employee having to circumvent a variety of sophisticated security systems. Rather, these reports suggest that it was simply a matter of walking out of the building with a laptop and that this was done almost haphazardly, even perhaps, in the staffer's mind, as standard operating procedure.

No, the data didn't include healthcare information, the VA has assured us. But that is rather beside the larger point, isn't it?

Any other information perhaps could have been carried away as easily, and Joe and Jane Veteran (or Joe and Jane General Public) aren't going to make much of a distinction on this point, nor should they. If such large amounts of general data can be so poorly secured, what else might so easily disappear?

And we can't help but put this in the context of even larger matters.

The VA's disclosure comes after the recent acknowledgements from Big Government that it is tracking our phone calls – not only overseas calls to potential terrorist factions but also our domestic phone calls (with the Limbaugh-esque defense that, well, what's the big deal? – everybody else, such as banks and product marketers, are keeping track of what we do day-to-day, so why not national security interests?)

The big deal is that such revelations send the message that no data is safe from the government or anybody else, no matter what guarantees are given concerning its security.

And this is very, very unfortunate. It is unfortunate because a comprehensive portable EHR is critical to reducing the massive waste in the U.S. healthcare system.

Additionally, it is potentially a very important key to filling two other large unmet needs in U.S. healthcare: the development of a comprehensive system for assessing the quality of healthcare delivery and, further out, the development of a one-payer insurance system for the United States.

These elements could all be developed separately, of course. But they would work better as three legs of a comprehensive platform – a national insurance plan (analogous in some ways to the VA itself) providing the basis for collecting a wide-ranging amount of information on healthcare delivery, with that information then being used to assess quality.

But who now is likely to believe that such a database can be developed from a large EHR system – or developed in any other way – for healthcare purposes alone?

The government has, for the past several months, been sending the message that security issues trump any laws intended to protect privacy, and who knows what governmental purposes might be put to in seeking out the most intimate facts of our health?

(And again – using the Limbaugh-esque excuse, if the government is doing it, why not everybody else?)

Too paranoid? Of course, maybe, perhaps, too paranoid.

But paranoia can become real-world perception. And there is no doubt that current public perception is that any guarantee of absolute healthcare protection is nothing more than a flimsy verbal sieve, and any protection of computer data against prying eyes rather easily penetrated.