Privacy Skills and DRM for healthcare

My wife is about to start her medical residency, and as she was filling out a survey sent to all graduating medical students by the Association of American Medical Colleges (AAMC), she called me over with a chuckle. One question asked her to express her level of agreement with the following statement:

I am confident that I have the appropriate knowledge and skills to protect the confidentiality of private information obtained from patients and colleagues when the information is stored on the computer.

She asked me: “does anyone have that knowledge?” I am a little bit proud that I seem to have trained her well!

Indeed, who does have the appropriate knowledge to protect the confidentiality of private information on a computer? Just about every doctor I know accesses some patient records from their home computer at some point or another. Is the data path encrypted? If they send themselves a copy of a patient note via email (which they do all the time for lack of a better system to synchronize work and home documents), do they know who runs their email service? Is it Gmail? Is it sent using SMTP over SSL? Are doctors even supposed to know what that means? What if their laptop has spyware? And what happens when they eventually sell their home computer: do they remember to wipe their hard drive properly?

Oh, it’s messy. And it’s only going to get messier. The tools just aren’t there to help doctors do the job they need to do while truly protecting their patients’ privacy. It’s not about skills. Computer systems leave traces of data in all sorts of random places, and it’s pretty much impossible to know every possible place where you might be leaking patient information.

Interestingly, when people talk about healthcare privacy, it usually doesn’t take long before some techie says “hey, we can use DRM technology to protect private health data: the data can be copied only to approved computers, it stays encrypted until it’s time to display it on screen, and voila!” In fact, “DRM for healthcare” is sometimes used as a benevolent excuse for developing DRM technology in the first place, at which point it can be applied to just about anything, like, say, music, which is really what folks wanted to apply the DRM to in the first place.

I’ve said before how much I dislike DRM for consumer products like music, in particular how DRM = incompatibility. (It’s great to see that this seems to be changing with the Apple/EMI deal.) Certainly, where healthcare is concerned, DRM is a much better idea. But I’ll go out on a limb and say that, even for healthcare, DRM is the wrong model.

At the end of the day, DRM is about taking control away from the user in order to enforce certain information sharing rules. But in a medical setting, that’s just crazy. If a doctor needs to copy and paste a sentence from a patient note to an email, they need to do it, period. The tool cannot get in the way. Like those annoying auto-capitalization correctors in word processors, DRM is the computer telling the user it knows better.

Certainly, judicious use of encryption and authentication is warranted to keep the data secret and to leave no stray copies of it behind. That said, instead of turning features off, the technology should enable its users to do what they need. The right model is likely some combination of data encryption to prevent unintended leaks, unimpeded and authenticated access to the data to let the doctor do her job, and extensive logging to keep a handle on potential privacy violations. Any solution that impedes a doctor’s day-to-day information-sharing needs, including DRM, is a non-starter.
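The model sketched above, as an added illustration that is not code from the original post: notes are encrypted at rest, any authenticated user gets the plaintext back with no restrictions on what they do with it, and every access attempt, granted or denied, lands in a tamper-evident audit log. The NoteStore class, its token-based authentication, the key handling and the HMAC-based keystream are all assumptions made here for the example.

```python
import hashlib, hmac, json, os, time

def token_digest(token: str) -> str:
    """Users are kept as digests of high-entropy access tokens (not passwords)."""
    return hashlib.sha256(token.encode()).hexdigest()

class NoteStore:
    """Notes encrypted at rest; authenticated users read them freely; every attempt is logged."""
    def __init__(self, master_key: bytes, users: dict):
        self._key = master_key   # assumption: a 32-byte key held by a key service
        self._users = users      # user -> token_digest(token)
        self._notes = {}         # note_id -> (nonce, ciphertext, tag)
        self.audit = []          # append-only, hash-chained audit entries

    def _crypt(self, data: bytes, nonce: bytes) -> bytes:
        # HMAC-SHA256 in counter mode as an illustrative keystream (XOR inverts itself);
        # a deployed system would use a vetted AEAD such as AES-GCM instead.
        ks = b"".join(hmac.new(self._key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(0, len(data), 32))
        return bytes(a ^ b for a, b in zip(data, ks))

    def put(self, note_id: str, text: str) -> None:
        nonce = os.urandom(16)
        ct = self._crypt(text.encode(), nonce)
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
        self._notes[note_id] = (nonce, ct, tag)

    def get(self, user: str, token: str, note_id: str) -> str:
        ok = user in self._users and hmac.compare_digest(token_digest(token), self._users[user])
        self._log(user, note_id, "read" if ok else "denied")   # denied attempts are logged too
        if not ok:
            raise PermissionError("authentication failed")
        nonce, ct, tag = self._notes[note_id]
        if not hmac.compare_digest(tag, hmac.new(self._key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("stored note was modified")
        return self._crypt(ct, nonce).decode()   # plaintext is handed over unrestricted

    def _log(self, user: str, note_id: str, action: str) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"ts": time.time(), "user": user, "note": note_id, "action": action, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def audit_intact(self) -> bool:
        """Recompute the chain: an edited or deleted entry breaks every later link."""
        prev = "0" * 64
        for e in self.audit:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True
```

The point of the log is not to stop the doctor but to make any later question of "who looked at this record, and when" answerable, which is where the privacy-violation handling the paragraph calls for actually lives.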