Today's Financial Times has a long feature about search engines and privacy, which notes (among other things) that even Microsoft is now lobbying for a new law mandating privacy standards. (Google wants them to apply worldwide.)
What's most interesting to me, though, is a chart, created from a Vontu-Ponemon study of data security from June, showing that the area of greatest fear remains medical records, followed closely by pharmaceutical records.
Two things should jump out at you here. First, the company sponsoring the study has a vested interest in fear remaining high. Second, despite how the chart looks, only 40% of consumers still fear medical privacy breaches.
Still, it's easy to argue from this that HIPAA has failed. If the idea behind HIPAA was to reduce public fears that medical privacy could be breached, those fears are as high as ever, maybe higher.
Fear is a powerful force. As FDR said almost 75 years ago, "nameless, unreasoning, unjustified terror" can "paralyze every effort to convert retreat into advance".
This is doubly true when it comes to health care automation. I see it in comments here all the time, a fearful assumption that everything can be breached, that nothing is safe, and that we're best off just keeping things on paper.
I'm sure some of this is merely a symptom of the age we live in, and public policy choices which have nothing to do with health care. But some of it is also justified, and some is Ludd at work.
The question is: can we do anything about it, and if so, what? Legal guarantees have not worked. Assurances from politicians and vendors have not worked. What can we do to assure medical privacy, and enable the delivery of automation's promise to health care?
My opinion? Start tossing those who violate this privacy in jail, for long stretches, and pay a fraction of the attention to those trials we give people like O.J. Simpson and Britney Spears.