Electronic Health Records Standards Tentatively Agreed Upon

In a prior job, I had the dubious honor of being, in some folks’ minds, the embodiment of evil – working with consumer credit data in insurance pricing, poking around in summaries of consumers’ financial transactions to see what could be learned about their behavior.  (Yes, most of my work was anonymized and done in such a way as to not impact consumers’ live files…but I’m sure that some consumer advocates would actively disbelieve the truth there.)

That experience, along with my own quasi-libertarian, pro-privacy paranoia of accumulations of data in the wrong hands, has caused me to advocate certain protections be implemented in collections of personal information – in particular, the maintenance of records where an individual can see who accessed what information for what reason.  It’s standard operating procedure in some databases, but it’s not universal.

So, I was very pleased to see a comment on the subject in this Business Insurance article discussing an agreement on standards of developing electronic accumulations of personal health data:

U.S. consumer groups, insurers and privacy advocates, together with Google Inc. and Microsoft Corp., on Wednesday said they have agreed to standards intended to speed adoption of personal electronic health records.

The electronic medical record field remains in its infancy. While U.S. privacy laws govern actions by medical providers like doctors, there is little in the way of other established privacy, security and data usage standards despite decades of industry effort.[…]

Principles for personal health records include an audit trail to track use of the data, a dispute resolution process for consumers who believe their personal information has been misused and a ban on using data to discriminate in employment.

Also signing on to the principles are WebMD; Consumers Union, which publishes Consumer Reports; AARP, the seniors’ lobbying group; and America’s Health Insurance Plans, which represents major insurers such as Aetna Inc

I am still leery of the development of massive databases of such personal information, but at least it looks like the folks pushing it are on the right path on certain security aspects.

However, I do still wonder about the efficacy of such databases, given that there seems to be many different players building their own “solutions”.  Won’t there be a problem with the balkanization of the universe of personal health data?   Perhaps the next high-level agreement needs to be some collaboration on import/export standards….