There are a few bits of my life I’d sooner keep hidden. The year I grew my hair out as an act of post-school freedom-loving that was actually the height of conformity. That time I got teary in Neighbours because Harold seemed really upset about missing his wife. The important thing is those moments of maximum mortification are private. This is because they are the sole reserve of my memory or a few photos on the computer, and my computer is pretty safe. Safe enough that locally we’re making big plans to get everyone’s medical records online as much as possible. Pretty safe, right?
The Risks When People Talk
Electronic health records sound like an idea whose time came a few years back. In a time of readily available connection, patient care is too often hampered by our inability to rapidly source the information we need. GPs have to wait interminably to hear details about their own patients from other professionals. A patient turns up to a hospital and nothing about their care from anywhere else is at hand, making it harder to find out what their prior health was or make fully informed decisions on treatment. We even know that handover directly from person to person can be a highly fluid process. Even these direct interactions are pockmarked by errors that need comprehensive approaches to address them.
Electronic records could do away with this. Stored somewhere else but ultimately belonging to the patient, having the sort of rapid secure access that lets you see the really funny cat photos of the internet, could remove some of history fog that surrounds those we look after for the first time. That’s why I’ve been eagerly watching for this, hoping it will provide the ready information practitioners need to decrease the risks we create by what our mouths do (and don’t) say.
The reality has come to a shuddering halt. Even the council workers with the “stop-go” signs are sitting at the side of the road a little disgusted. Maybe this isn’t surprising when you consider how hard even getting computers talking to each other can be. Last year it emerged that targets for getting patients signed up to the Patient Controlled Electronic Health Record (PCEHR) hadn’t been met. Assoc. Prof. David Glance wrote at the time that it would have been meaningless even if the target was met, as most would only have an empty record anyway.
Since then, multiple clinicians involved in the project have resigned and the incoming government commissioned a review (delivered in a blindingly quick 6 weeks or so) which probably covers a range of big problems. While that report nudges its way around an office in Canberra like a half-deflated balloon there is ongoing funding in the budget for the PCEHR. It’s fair to say there’s no new car smell any more.
As we wait though, more and more emerges about the security of the information we share. Is there enough in more recent revelations to say we should reconsider altogether?
Nothing is Hidden
It was worrying enough that low level bumbling was enough to expose details of asylum seekers or render the myGov website as secure as your café’s newspaper. “This was just a hiccup” I thought, having been conditioned to think that internet security was guaranteed by those programs with such reassuring names – the dour Scottish McAfee (yes I picture McAfee as a highlander) and the earnest and watchful Norton.
Then I read this article. Written by Quinn Norton it lays out in long form the variety of ways that the software you think has been honed to be a fine-point tool for your digital life is actually a shambling smear of grunge. Worse, it is operated by people. People like me who think of McAfee as a guy who likes bagpipes. Maybe McAfee and the like would be better represented by the security guard on a Segway, hopelessly not up to the task.
The article describes the possibility that your computer may pretty much be open for others to read. Even if that weren’t the case, the private histories you can create just from knowing the stuff just outside the actual details of people communicating, the metadata, has been starkly illuminated by a Stanford study. Subjects in that study knew their phones were being watched but the details of who they called write the hidden subtexts of their lives in a big neon scrawl. These technologies as they stand leave your health history open for anyone.
I don’t want that. I don’t want it for me and I certainly don’t want it for patients. The trust between a clinician and their patient is vital to allowing free and open discussion of all those things you wouldn’t discuss at a party. That confidential space should be visited only on invitation. It certainly shouldn’t be open to a stranger catching a late night computer screen tan.
So right now, I hope the tools only get picked up to make the road safe. The one thing that is encouraging in that article on broken things is the conclusion that these security issues can be fixed if that is demanded. When that report on Australia’s e-health records finally surfaces I hope it opens by saying that electronic records will soon be delivering real benefits for patients, but only after investment in substantial security improvements.
While I’m waiting, I might just get rid of a few long-haired likenesses.