As my family and I were sitting down to eat this evening, my wife received a call from work. She works at a dentist office doing scheduling and marketing, so the call was about a patient that has an appointment coming up and this individual wanted to know if she had received the dental x-rays that had been emailed over.
A couple things about this exchange piqued my interest. First, the dental x-rays are being sent around electronically. I love that. But it’s the next issue that really has me thinking there should be a better solution.
Before I get to that I need to point out that my wife is Canadian. Canadians and Americans have a very different idea of what privacy is and we have long discussions about this in my house (to be honest they generally consist of my wife calling Americans paranoid and me smiling and nodding my head saying “Yes dear, your right.”). Now this may seem tangential or even off topic except when you consider that email, for the most part, is completely insecure. So when medical records, which one believes to be near the top of the information pile one would consider private, are sent via email, the privacy chain has been broken.
Unfortunately, the problem is much deeper than this. When you examine this a little deeper you find that now this patient’s x-rays now reside on, at a minimum, 4 different computers. The office sending them has a copy, the email server of the office sending them has a copy, the email server the is receiving them has a copy and the office computer viewing them now has a copy also. Not to mention anyone in between because, again, email is inherently insecure and it is highly unlikely, given what I know about the really poor software being used in dental offices, that anyone put in the extra effort to secure the email transactions.
Even if the effort and expertise was in place to secure the transaction, the system is still fundamentally flawed.
Why is this system fundamentally flawed? To put it simply, the wrong people are in control of sharing a patient’s data.
It seems to me that a better system would put the patient in charge of sharing their data. This is better in a number of ways.
First, when the patient shares the data, the patient is in control. They always have their medical information and they make the conscious decision to share this data and with whom.
Along with this has to come the ability for the patient to revoke the sharing. Converting this to a permissions based system. There are examples of this already in computing. When I install an application on an Android device, I get a list of what permissions I am giving this application and later if I decide I don’t want it to have those permissions I can rescind them. Facebook has a similar methodology when granting applications permission to use your data.
You can even grant permissions using a timed based methodology. Snapchat is a product that allows me to share photo’s with people. The photo’s expire after a set amount of time and the people I have sent them to no longer get to access them. Another, similar product, is Glympse is a location sharing product that enables you to share your current location with people for a short period of time and once the time limit has expired they can no longer access your location data.
Microsoft has a product called HealthVault that goes a long way toward this, but it lacks universal acceptance, which in the longer run hinders it’s growth. Google had a similar product but shut it down recently.
Former Sun Microsystems CEO Jonathan Schwartz has a startup called CareZone that approaches the problem from a slightly different angle, but is still trying to manage patient data, privacy, and access.
I would think that a move in this direction would be good for everyone. Consider how much time is spent managing, caring for, and securing patient data think of the cost savings in the health care industry.
And these are the sorts of things we think about in my house over dinner.