I’m still on a light posting schedule until next year but this was too choice to ignore.

In a front page article today, (available online, but subscription required) the Wall Street Journal details a medical records horror story.

A middle-aged woman’s fiance commits suicide. For that and other reasons she decides to move across the country taking a job in a new firm. Her hiring boss leaves, she doesn’t get along very well with the new boss, has sleep problems. She talks to a sleep center psychologist about the turmoil of her last few years after being assured her comments are confidential.

Of course, it turns out they aren’t.

Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist’s notes. The notes, her insurer maintained, showed she wasn’t too injured to work.

But wait, there’s more!
Another horror story: the bill collector can see your medical history!

Dawn Ross, a 37-year-old Los Angeles hairstylist, says she was startled to discover how much a bill collector knew about her. Federal rules permit the release of medical records in connection with “payment.” Soon after Ms. Ross returned home from an uninsured hospital stay, the hospital’s collection agency began dunning her for $8,600. When she disputed the bill, she learned that the agency had detailed records about her miscarriage and the treatment she received for it.


Complaints: 23,896; Enforcement actions: 0
It turns out that under the federal rules:

The rules also do not require patient permission for the release of records for “health-care operations,” a broadly defined category that includes some marketing, data warehouses and fund-raisers. John Metz, chairman of JustHealth . . . says he has encountered patients who were diagnosed with borderline diabetes — then inundated with marketing materials . . . from their medical providers.

How thoughtful and caring!

OK, medical privacy is a sick joke. Now what?
As I noted earlier this month (see Help Wanted: Storage Leadership Position Open) the storage industry needs to show some leadership if they want Americans to buy into electronic medical records. This is a win for everyone: improved medical care, lower costs and a huge storage market.

So I’ll say it again:
Medical records are one of the biggest storage opportunities of the next decade – if Americans can be persuaded they are secure. Right now they aren’t, and with the continuing stories about lost laptops and illegal data access, there is no reason for people to get comfortable. Without public support electronic medical record systems are dead and millions of Americans will suffer from medical delay and even death.

EMC, with their recent acquisition of RSA, would seem best positioned to take on the challenge of creating, in conjunction with system integrators, truly secure medical record storage systems. HP, who is as big as IBM, is much less visible in this space even though their big storage business stands to gain the most.

Medical data security can never be solely a storage problem. Yet storage vendors have a huge vested interest is seeing that this problem gets solved. Time to get off the sidelines, big guys. Do yourselves and your country proud.