Xerox and Harris have teamed up to do a survey of Americans on the subject of medical records and the results are actually pretty striking: three out of four people in the U.S. would prefer paper medical records to digital. This, despite the fact that 40% think that electronic medical records (EMR) would provide better service and 60% reporting that a recent visit to the doctor included some form of electronic medical records keeping.
People are generally risk-averse in the first place and disinclined to change. This is even more common in the case of medical records and health care, for reasons I think are pretty obvious. So it isn’t surprising to find at least some resistance to switching from paper to digital records.
But while technologists and the tech savvy among us might be quick to shake their heads at the backwards thinking, its worth pointing out that, in this case, there are certainly legitimate reasons to question the wisdom of switching to electronic records. For all the reasons we worry about our own computers, we can stand to be thrice worried about computers containing sensitive medical records. And in fact, the Department of Health and Human Services recently released a report showing that security is generally lax at most medical facilities. This includes state agencies and hospitals, both.
Meanwhile, McCaffee has already identified numerous security gaps in medical devices such as insulin pumps and pacemakers that could allow hackers to control those devices, potentially killing them. And other reports show that, collectively, the wireless systems and commercial PCs that drive and configure such devices are simply not adequately tracked for security threats.
Granted, medical devices are different from medical records. And it is hard to envision a scenario where hackers go out of their way to kill a few diabetics. But the point remains: there is simply not enough security surrounding medical information and devices. Threats do not need to be intentionally geared at causing patients harm, they can simply be an unclosed vuln into which any random, curious hacker might wander.
As much as technology has the potential for building a brighter future of managed care, serious work needs to be done in order to make sure it is safe.