Anti-Buzz Security

Anti-Buzz: Patient Records Revisited


Andrew has been writing Anti Buzz for 4 years resulting in almost 200 articles. For the next several weeks we will revisit some of these just in case you missed it.

BIG NEWS, We may have to wait a bit longer for some new Anti Buzz articles as Andrew just became a new father. Congratulations. That means that I just became a Grandfather. 🙂

Anti Buzz: Privacy in the Internet Age:

newface-620x461The privacy conversation has more legs than I anticipated, having already found myself exposed to many stories and opinions on the subject. In early 2014, “predicting” that privacy is going to be a big deal in the near future was a safer and simpler guess than I would have anticipated. But this is good for me, and for you, because I have a lot to say on the subject, and dentists have more at stake in the conversation than most people. Expect more privacy-centric conversations in the future here. This week: a practical map of what the concerns are for your practice.

First, a lot of what I will say today isn’t really new to this blog. My father has discussed electronic dental records many times before, and I’ve chipped in with my own perspective. My father was keen enough to the ambiguity of “ownership” before it was popular discussion. And most recently, of course, is HIPAA and what it could mean for you. In short, the records you keep on your patients are a hot commodity.

As somebody who increasingly fancies himself a scientist, I am very sympathetic to the arguments put forth in this TED talk – briefly: We stifle innovation by limiting access to patient records, yet this flies in the face of conventional wisdom and ethics. It is highly unlikely that your patient records are the key to curing cancer, but the truth is that we don’t know what innovations we are missing by keeping things locked up. This much should be easy enough to convince people of by now as the conventional wisdom has shifted far away from technophobia’s famous “Everything that can be invented has been invented” attitude.

The question is, of course, if the benefits outweigh the invasion of privacy, but I don’t actually presume to make up your mind about that. I do presume to tell you that you are going to need to take a position on the matter before too long. I am perhaps getting ahead of myself here. Let’s walk through why your patient records are important, and to whom.

First, your patient records are important to you because you use them serve your customers. This is the simplest, most basic purpose for those records. This is the same value they held decades ago when they were papers and charts living in a fleet of filing cabinets. You need those records because you need notes on your patients, because you need to recall their history each time you see them. Easy.

Second, your patient records are important to your patients because they contain personal information about them. This much is also easy to understand. It’s a clear cut issue of privacy. When a 40-year old gets a cavity, well, that might be embarrassing. Keep it to yourself, right?

Those first two interests explain the conventional understanding of patient records, and in decades past only you and your patients were the only one with a large stake in those records. They agree to let you keep notes on them because it will improve the level of service they receive, and you recognize the ethical obligation to respect their privacy. In fact, in the old arrangement, you have a large amount of control about what sort of information you keep. Yes, sure, there are standard forms, and standard practices, but your patient records only ever needed to make sense to /you/, because you were the only one using them.

But then your patient records got digitized, and like everything else that has been digitized, it has changed everything. On the immediate horizon for you are the benefits of data mining. Without spending a lot of time on the topic, let’s just assume for now that in the near future you could contract a data miner, (or maybe even employ one directly), and pull all manner of useful knowledge out of your patient records. Why have patients left you? Why have patients agreed to optional services? What opportunities are you missing? How much money does a certain policy make or cost you? Ultimately, this is a natural extension of the role your patient records already played: information that helps you serve your patients better. But the mechanics are much trickier. Specifically, you are giving access to those records to somebody else, (possibly in a violation of privacy), and you are now required to keep the sort of records that make sense to a data miner instead of the sort of records that make sense to you.

You have, in a sense, lost control of them. There is an entire discussion to be had on the relationship such a data miner consultant would have with your patient’s privacy. Today, right now, just make a note of ethical complications, because they only get worse from here.

The next step for such a data miner is to not only look at your records, but to look at everyone’s. Answering the sort of data-mining questions I posed earlier gets easier when you can compare records across many practices. This requires the wrangling of patient record standards, and the revelation that somebody is being trusted with /everybody’s/ records. And once a data miner takes your records, they have them forever, which is another aspect of the information revolution that hasn’t fully dawned on everyone, (“Facebook is Forever,” as a friend of mine used to say).

But the benefits? Well, it’s hard to imagine the benefits, and you could be pessimistic and suggest that dental records aren’t as important as, say, genomic data that might very well cure cancer, but do you really believe that in dentistry everything that can be invented has been invented? I understand that I’m selling you the vague promise of “things you can’t imagine”, but I am very wary of killing innovation in the name of mid-20th-century ideas about privacy.

I want to be clear that I’m not trivializing the ideal of privacy, but trying to argue for the greater public benefit of pooling all of our personal information requires one to take the tone of a devil’s advocate, and there is not enough space today to talk about the subtleties of the debate.

What I will say is that you, as keeper of private records, in a world suddenly very eager to talk about privacy, in a world increasingly capable of leveraging electronic data for profit, are not going to get away with being oblivious to these issues for much longer.

Leave a Reply

Your email address will not be published.