by michaelt 4363 days ago
I wish I believed we could make a database shared between my GP and my spine specialist without my records also being shared with all insurers, employers, marketing companies, security services, medical researchers, credit rating agencies, and anyone who slips any hospital employee a hundred bucks.

So do I, but given the world as it is, wouldn't you much prefer some idiot marketing guy spamming you on the basis of your medical records, than a screwup in the chain of communication between your GP and spine specialist leaving you crippled or dead?
Yes, of course. But "idiot marketing guy" isn't the worst case scenario, nor is it even the worst plausible scenario. Job loss and inability to get health insurance aren't hypothetical concerns... laws have been written about this because they happen, at scale. While I'm inclined to think the regulations as they stand today are heavy-handed and more expensive than they need to be to get the job done, that doesn't negate the fact that they exist for a reason, a reason that isn't just hypothetical but happened a lot.
Job loss and inability to get health insurance are serious issues, granted. I will suggest the root causes of those need to be tackled for other reasons anyway, starting with the utterly insane practice of having employers involved in health insurance.
It seems almost like the real issue is the insurance schema that makes medical care inaccessible without third-party money.

This notion suggests that the right place to start the kind of big-data medical disruption that could work would be a nation with a weaker or nonexistent medical insurance framework.

It's not just insurance. Companies these days are using credit history as a reason to deny people employment. The credit card companies will hand out this information to almost anyone. Imagine what these folks will do with medical data.
...and the hospitals are using credit card data in their population management models. Oh, you've stopped by the liquor store 3 times this week and now presenting with pancreatitis? Sorry, you are now in our "at risk" billing class.

Just 'cause I'm feeling particularly paranoid today.

I don't have anything requiring regular medical treatment, but my medical records identify me as someone who has suffered mental health problems, who regularly drinks to excess, who habitually uses cocaine, and who caught an STD in a nazi-themed prostitution orgy while I was a sex tourist in a deprived country.

I'd prefer to retain my privacy and take my chances on the medical miscommunication front, thanks.

I can't help but think that the nazi-themed prostitution orgy part doesn't need to be in the medical records. You should probably talk to your practitioner about logging discretion. ;)
It's the asymmetry of it. A person might have only one GP and one specialist. That is fairly easily managed. It's not good I agree. But it's MANAGEABLE.

Once there is a single large integrated database it's a HUGE target for people to creatively re-interpret the rules such that they can sell access to it. It's also a hacking target too since doctors tend to be a real pain in the ass about collecting all kinds of information that's not medically necessary but perhaps necessary for billing or in case you try not to pay your bill.

Right now this information is federated meaning that there's no one single point of failure. Hospital X's systems might go down, but Hospital Y's systems are still up. That means that unless something REALLY BAD happens across all the hospitals you're not going to die because a computer crashes.

I am far more on-board with good interchange protocols (Diaspora) than with one large centrally managed database (Facebook).

This is a false dichotomy. Can't we have secure, somewhat non-portable EHRs with super strong "Won't release without auth" procedures, or perhaps, as someone else implied, the data should be transferred via sneakernet on USB or similar?

And how common, as a ratio, are crippling medical screwups related to multi-practice miscommunication? I'm sure the absolute number is non-zero, but risks must be weighed. If one person having a crippling issue saves 100,000 people from having their personal data released against their will...

Highly secure systems are possible in theory; we just don't have them today, and we aren't likely to have them tomorrow either.

Crippling medical screwups that could have been prevented by having the right information available at the right time are actually shockingly common. I don't remember the specifics, but I've seen claims to the effect of a five digit annual death toll in the US alone.