IT's surprising leader in patient privacy

IT vendors will make billions of dollars on electronic health records (EHR) - if we can get people to use them. But vendors are mostly silent on the issue of health privacy.

The surprising leader in health care issues and patient privacy? Microsoft. Given the Gates Foundation's focus on 3rd world health maybe it shouldn't be a surprise at all.

But the lack of patient privacy threatens to undermine the entire effort.

The problem Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights said in a recent column in the Wall Street Journal:

In 2002, under President George W. Bush, the right of a patient to control his most sensitive personal data—from prescriptions to DNA—was eliminated by federal regulators implementing the Health Insurance Portability and Accountability Act. Those privacy notices you sign in doctors' offices do not actually give you any control over your personal data; they merely describe how the data will be used and disclosed.

But patients are right to fear the release of potentially embarrassing information on such health issues as STDs, depression or substance abuse problem, abortions or miscarriages and other issues that should be between a patient and their doctor - not a mortgage company or an employer.

Today our lab test results are disclosed to insurance companies before we even know the results. Prescriptions are data-mined by pharmacies, pharmaceutical technology vendors, hospitals and are sold to insurers, drug companies, employers and others willing to pay for the information to use in making decisions about you, your job or your treatments, or for research. Self-insured employers can access employees' entire health records, including medications. And in the past five years, according to the nonprofit Privacy Rights Clearinghouse, more than 45 million electronic health records were either lost, stolen by insiders (hospital or government-agency employees, health IT vendors, etc.), or hacked from outside.

One poll found that 1 in 8 people have withheld information from doctors out of privacy concerns. Another poll found that fully 59% were not confident that their health records would be protected if stored electronically.

This is America, where non-compliance with "official" policy is a way of life. If you hope your company will make billions on the EHR market, maybe you should think again.

The solution Dr. Peel's organization is lobbying Congress to protect patient privacy. Kudos to the ONLY computer or storage company that has joined her in the fight: Microsoft.

The Storage Bits take Maybe I expect too much from vendors. Why should they care if rampant abuse hoses the EHR market and sours public attitudes towards major users of storage products?

But somehow it doesn't seem like too much to ask for at least IBM, HP, Oracle and NetApp to get involved to ensure that massive data storage infrastructures are not abused. Having millions of consumers hate and fear your products - or their use - seems counter-productive.

Ask your buddies at Goldman Sachs how that feels.

I hope this is just an oversight and that vendors jump aboard. Vendors?

Update: Sign a petition to Congress for a Do Not Disclose law that gives you control over your health information. End update.

Comments welcome, of course. Microsoft's Senior Director for Healthcare has a good blog, too.