Medical records

Producing and maintaining a database of medical records has very obvious benefits, not only for people who need medical treatment when away from home, but also because the system can offer a mine of information on regional practices, types of illness and disease, and the performance of the different practitioners and hospitals. All these are extremely valuable in planning and improving healthcare across the nation. Open access to such records is far less desirable if the data are used to obtain personal information about insurance coverage, job applications, or the lives of those listed on the databank. There is therefore a delicate balance between potentially useful and potentially harmful access to the information. Purely in terms of healthcare, the medical histories are supposedly confidential as far as actual names are concerned, so the health service assumes that detailed access to them is limited to some 10,000 personnel.

This implies an extremely low level of real security, as within any group as large as 10,000 people, there will be many who are careless, overly inquisitive, or willing to use their access for illegal purposes. The UK level of criminality may not be excessive, and perhaps health employees are more caring than most people. Nevertheless, even for extreme criminal acts, such as murder, from a group as large as 10,000 we might typically expect (and detect) at least one murder per year. So for less extreme crimes, there will inevitably be intentional misuse of the data. This is reality and therefore unavoidable. We cannot have both total security and a detailed database with widespread access.

A study in progress in 2016 in the USA has been looking at the more sophisticated ways data can be mined from records of doctors’ prescriptions, pharmaceutical sales, and medical records. Currently these have been encoded to preserve patient anonymity, but they still inevitably include factors such as age and gender, and in the USA there is a fragment of the zip code of the patient, and of the medical practice, as well as links to previous medical history. These generalized data are very valuable for looking at patterns of drug usage and localized diseases and how they spread, and to determine if there are links to cultural, economic, or industrial activities. They also disclose if some medical practices are abnormal in their prescription patterns. Finally, the records offer valuable knowledge for both the pharmaceutical industry and government health agencies.

Nevertheless, each of us has a unique medical history; knowing the age, gender, and general locality of patient and doctor means that it is now feasible to access much wider databases to identify precisely whose records are being presented. This is clearly simple in a small township where there may not be many people of a particular age and a particular medical history. In reality, it is becoming feasible even for people in larger cities. Such disclosures may be undesirable for a wide range of reasons. However, the reality is that the confidentiality of health-related information has ended. This is a factor that may open opportunities to increase insurance premiums, or even be used in blackmail.
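The re-identification risk described above can be measured before a dataset is released. The following is an added example, not part of the original text: it counts how many records in a constructed sample share each combination of age, gender, and zip fragment (the factors named above), then coarsens ages and withholds records whose combination is still too rare. All record values and function names are invented for illustration.

```python
from collections import Counter

# Constructed sample of "anonymised" records (no names); every value is invented.
# Layout: (age, gender, 3-digit zip fragment, condition)
RECORDS = [
    (34, "F", "021", "asthma"),
    (36, "F", "021", "diabetes"),
    (35, "F", "021", "asthma"),
    (71, "M", "021", "parkinsons"),
    (52, "M", "946", "hypertension"),
    (55, "M", "946", "diabetes"),
    (58, "M", "946", "hypertension"),
    (29, "F", "946", "epilepsy"),
]

def quasi_id(record, age_band=1):
    """Fields an outsider could match against other databases; age is
    coarsened to the start of its band (age_band=10 turns 34 into 30)."""
    age, gender, zip3, _condition = record
    return (age // age_band * age_band, gender, zip3)

def class_sizes(records, age_band=1):
    """How many records share each quasi-identifier combination."""
    return Counter(quasi_id(r, age_band) for r in records)

def k_anonymity(records, age_band=1):
    """Size of the smallest group; k = 1 means someone is uniquely exposed."""
    return min(class_sizes(records, age_band).values())

def unique_records(records, age_band=1):
    """Records that are the only member of their group."""
    sizes = class_sizes(records, age_band)
    return [r for r in records if sizes[quasi_id(r, age_band)] == 1]

def release(records, k, age_band):
    """Coarsen ages, then withhold any record whose group is smaller than k."""
    sizes = class_sizes(records, age_band)
    return [quasi_id(r, age_band) + (r[3],) for r in records
            if sizes[quasi_id(r, age_band)] >= k]

if __name__ == "__main__":
    print("exact ages: unique records =", len(unique_records(RECORDS)))
    print("10-year bands: still unique =", unique_records(RECORDS, 10))
    safe = release(RECORDS, k=3, age_band=10)
    print("released", len(safe), "records with k =", k_anonymity(safe))
```

Even with ten-year age bands, the two patients with an unusual age for their area remain unique, which is the small-township effect described above; they can only be protected by withholding or further coarsening their records.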

Security is further weakened as data can be densely packed on a CD or pen drive (or be sitting in a computer), and there are many admitted examples where such items have been lost or stolen, together with vast amounts of confidential medical information. The information can then enter the criminal, or public, domain.

A second example of a double-edged sword is the acquisition and storage of DNA information. Again the data could readily be taken at birth and stored nationally. It would offer great insight into genetic diseases and changes in health problems, or local anomalies that may be caused by environmental problems. The genetic identification would also be of value for forensic applications. Nevertheless, access to the precise names and locations of the people identified by their DNA requires an extremely secure and well-controlled system, operated by a minimum number of people. Whilst regional data may be widely used to help understand the effects of the environment on disease, individual identification would need to be far more tightly controlled.

Even for forensic purposes, the first step of matching the DNA of a person who is not on a criminal register should be channelled through a secure and encrypted route (i.e. not open to any member of law enforcement). Release of the name or other details would be at a much higher security level than is used for medical records. In many cases, there should be no need for specific identification, but abuse of the data would be attractive not only to insurance companies and employers, but also to criminals. The opportunities for misuse are clear.

One area where this is particularly obvious is that numerous genetic studies have confirmed that, whilst maternity is a fact, paternity may be a matter of opinion. For the UK, the current studies suggest as many as 2 to 4 per cent (i.e. up to 1 in 25) of fathers may not be the biological parent of all their children. Similar, or higher, rates are cited from many other countries. Consequently, automatic access to such data, rather than analyses made during a paternity dispute, could undermine many families, or be used as leverage in blackmail.

A final comment on DNA data is that the public, juries, and the police have tended towards total acceptance of DNA evidence. Experience has now shown that corruption of such evidence can occur, and many borderline cases have resulted in errors of prosecution. It is a salutary warning that total confidence in any new technologies is unwise.
