If you doubt that last assertion, consider this: it has been estimated that a million and a half people are hospitalized annually in the United States due to adverse reactions to mis-prescribed and overprescribed medications, and some 100,000 die each year from adverse reactions to mis-prescribed drugs. How many of those deaths and hospitalizations might have been avoided by having an accurate patient record close at hand? When you reflect upon the full range of medical errors that take place each year due to missing or inaccurate patient data -- from unnecessary surgeries to under-the-radar cancers -- the value is clear.
Then again, in a perfect world, a shopkeeper could stock the shelves, post the prices, and leave for the day -- secure in the knowledge that people are honest and will pay for whatever they take.
This is not a perfect world. And that is why some people find health information exchanges so scary.
Unfortunately, not everyone follows the core precept of medical ethics first stated by Galen: "First, do no harm." Indeed, our society has learned the hard way that where there's a weakness, there's a weasel waiting to exploit it. And a database brimming with sensitive data is exploitation waiting to happen.
We all know that digitized health records have long been a target for identity thieves, and the list of major data breaches involving hospitals and other health care facilities is a long one. In fact, as Bloomberg reported recently, medical providers suffer more breaches than any other type of organization, with an astonishing 690 data breaches involving 23 million records since 2005.
The Surgeons of Lake County scenario is frightening, in part, because it can be (and has been) applied far beyond the world of medical records -- in the private sector, certainly, but also in government. Imagine a wave of database kidnappings-by-encryption targeting not just health information exchanges and other medical practices, but banks, insurance companies, government agencies, even military facilities. Clearly, such a scenario must be avoided -- even if that requires significant changes in the way we store, transmit, use, and protect sensitive digital information.
Even within the realm of health care, however, we are seeing the early signs of a potential catastrophe -- one that will be difficult to avoid precisely because the case for digitizing and centralizing medical information is so strong at every other level. The digitization of medical records may make a whole lot of folks queasy, but it is also smart and efficient, offering a huge opportunity to save both money and lives. It is, in fact, inevitable. Unfortunately, so are data breaches, and the identity compromises that will follow.
We need to be deadly serious here because we're not talking just money anymore. Lives are literally at stake. Up to now, the federal government has taken a hands-off posture with respect to the workings of health information exchanges, leaving it up to the states to determine how patients' data will be treated -- and whether they will even be told that their information is being shared, or given the choice of opting out. Even when patients are brought into the loop, they must balance the privacy advantages of opting out against the medical risks of being outside the system -- and thus losing the advantages of more rapid, more accurate diagnosis and treatment.