Transparency is Critical

I am of the opinion that transparency reduces errors as well as corruption. My belief is that you should behave as if the world is watching you. And in this day and age this would seem to be the case.

Everywhere you turn there are cameras, all forms of media channels, and lurkers. Do you remember Rodney King? Do you think the policemen would have acted the way they did if they knew a camera was recording their actions?

Access to information laws make it possible for reports to get detailed information from meeting schedules, bills and invoices along with any public document. There is just no hiding the facts, and if someone tries this it is more damning than the actual evidence.

Politics and healthcare have been linked for many reasons this past year. Primarily it is because of the escalating costs associated with government run programs, our aging population and our rising chronic diseases. Some believe that government should not run our healthcare system. I believe if we trust the government to collect our taxes, pay for education, build our roads, and manage the military than why is healthcare any different?

We need to be transparent on the cost of healthcare and the delivery of it needs to be focused on the people involved. You don’t want a doctor or nurse to pause for a second, when delivering care to check if you can afford it. If a patient needs help then provide the care needed. No insurance company, private or public should get in the way of patient care. No secret decisions or exclusions; transparent public scrutiny is the best way to achieve better care.

I recall reading about a hospital that not only allowed but encouraged patients to review doctors’ notes and entries in their paper charts. What the administrators noticed is that very quickly the doctors’ handwriting improved. The reason is obvious, patients would ask questions of notes they couldn’t understand or read, this increased the time doctors’ spent to explain what they wrote. Clearer written notes also became more explicit and coherent. Imagine.

Now if this was electronic, the patient could also review, annotate and correct errors. The system could provide full audit trail and timestamps. No more questionable practises, short hand notes or incorrect doctors’ orders. And also better drug management would be possible.

Shining a light on health practices, giving access to those that need it while securing privacy of personal details, I believe will lead to better health outcomes. The same is true of financial investments and government.

Would Bernie Madock have been as successful with his ponzi schema if everyone knew how their money was being invested? Would Watergate have happened? It’s all well and good for newspapers and investigators to find and report on these events, yet it would be to everyone’s best interest to prevent them from happening, and the means to achieve this is greater transparency.

Who’s your keeper?

When you go on vacation you give a key to your home to someone. You may even have a neighbour that keeps an emergency key for you. And you trust them not to go through your stuff; just water the plants and bring in the mail. Who does this for your health information?

When you are travelling do you have enough information with you about your health? Can you get your health information? What if you are unconscious, perhaps your spouse or travel partner can convey the information needed.

Of course your family doctor has your health information, right? So is your doctor your keeper? Can they provide this info when you are out of town? When you are in the waiting room of a hospital in another city or country, when you can’t speak for yourself, who is your keeper?

Medic Alert has a great message; “we speak for you”. Their service includes more then allergy alerts it includes health information. Other services provided phone support for medical emergencies.

As a Scuba Diver my wife and I belong to Divers Alert Network(DAN), along with travel insurance DAN provides a 24-7-365 phone services in case of medical emergency. But they don’t have my medical record.

Perhaps all you need is a sheet of paper folded up in you pocket, with a list of numbers, perhaps drug prescriptions and contact details. Is this enough?
With my bank card I can go to any ATM almost anywhere in the world and withdraw money. I may not be able to deposit a physical cheque but with ATM access and internet access I can do almost all of my banking anywhere I go.

Clarity Health Journal

Yes the same is possible with my health information. A smartcard with PIN access, that can be read in any computer in a hospital of doctors’ office. And you can use the internet to access what you need. Of course you will still need a neighbour to water you plants and feed the cat.

Manage your diabetes

Security by Design for eHealth

How secure is your home, your car, your office? Do you use double bolt lock or have bars on your windows? How about internal alarms?

For the most part your answer to these questions depends on where you live and the value of your possessions. At the very least you have locks on your door, but you may leave the door unlocked from time to time. This is risky yet unlikely to result in major loss. If you do it too often and become lax in your home security then you give a thief opportunity that puts your possessions at risk.

Bank Vault

The level of security and privacy is dependent on the risk tolerance related to the value of what you are protecting and personal risk avoidance. When in comes to our personal health information the value of which is questionable, security can vary. Critical details about us and identifying information that can be used to obtain fraudulent documents or prescription must be treated with great care with the highest level of security. Our less personal details are not likely to be used to gain access to our money or take possession of our personal goods; these pieces of data are less important. While you may need the security of a “fort knox” to secure critical data, a simple key and lock is all that is need for other less critical details.

How do you secure data in your health information? Data that is stored must be encrypted with restricted access; when viewed it must only be displayed to a verifiable user with correct permission. Even with high-level security it is impossible to prevent a wandering eye on a screen. Early in our development of health information access the question of security and privacy always came up. Usually asked by doctors and nurses who raised this objection as a means to slow adoption. My quick response to questions on the security of electronic data was to point out that; currently fax machines in the hallway had patient data displayed, that behind the nurses station a white board with patient names and other identifying data was displayed for anyone visiting their unit; and that carts of patient charts are routinely rolled around the hospital and that these paper folders routinely would be left unattended. Electronic health information systems are much more secure than paper and non-electronic means. When records are electronic it means you can get access to your data much more easily than paper folders locked in a doctors cabinet or the basement of the hospital health records department.

Ideally we would want full control and access to all our own health information and be confident that it is not being misused or shared without consent. We currently don’t have that control. We rely on our doctors, our hospitals and other government agencies to maintain and control access to our health information. In the province of Ontario and many other jurisdictions individuals have the right to access and control permission to all their health information. Of course the practicality of receiving all this information from a hospital or doctors’ office makes it difficult. How would we get the paper forms and input them ourselves into our own health application? If records were electronic patient have better opportunity to access and control premission to their own information.

We need to ensure that proper percautions are being taken to store our information. To secure our health information the personal identifying data must be encrypted and only viewable by verified access. While user name and password is relatively simple, there are better ways to ensure privacy and security. A smartcard with proper token identification would be a strong method to secure access.

The NEXUS system is used by the US, Mexico and Canada for “trusted travelers”. The system issues a card for this program that uses several layers of security. First a person registers online and their user name and password is issued; then a face-to-face interview is conducted and documents verified (passport, driver’s license etc.); photo id is made and a retina scan is taken along with other details; then a card is issued with an RFID. When entering the country, rather then wait in a lineup, the “trusted traveler” uses the NEXUS card; unsheathed from the RFID blocking cover to access a self-help KIOSK. The traveler positions themselves in front of a device that takes a retina scan, which is compared to that on file, the proximity of the card is all that is required to match the individual to the online file. No swiping or entering of card number or pin is needed. The system verifies who you are by something you are carrying (the card) and your physical attribute; your retina scan. The process is quick and easy. The difficult part was in the verification and issuing of the card.

In Ontario the government issues an OHIP (Ontario Health Insurance Plan) card that is used for payment of services. Many individuals still have the old “red and white” card that is simply an embossed plastic card with only a 10-digit number on it.

OHIP Card

Individual refuse to part with this because the newer cards contain a “version code” and has an expiry date. Neither of these has embedded security, although the newer cards have a photo and a magnetic stripe that contains some personal identifying information that can be read by swipe machines. Other provinces and territories in Canada also issue health cards to citizens, due to our universal health care and the Canada Health Act a citizen could receive care in Ontario using their Alberta health card. Except for layout and check-digit calculation most systems in hospitals and clinics don’t verify health cards. It is unlikely that a fraudulent card would be detected or rejected until well after services have been provided. In the past it was known that some individuals would use the old “red and white” to obtain services for family members that were not eligible for OHIP, this type of abuse is minimal. Replacing all cards with a common standard and using smartcard token or RFID would be beneficial for all healthcare providers and consumers.

To create a secure and private electronic health application one could use the credit card and banking industry model. A credit card is issued from a specific institution, with the first grouping of numbers uniquely identifying the bank and card issuer, then there is a unique number associated with the individual. The card also has security features like check-digit algorithm, and security code. Other features like holograms, photos and smartcard and magnetic swipe all can be implemented on cards. The ability to add RFID would further enhance such an access verification tool.

Each card would be associated with an individual. Also with this model a card can have sub-accounts so that a parent can access records for child of other family member that has granted them access. This would be useful for better service traking. Take for example a child whose parent are divorced, each parent can have their child added to their card so that access to care is unencumbered when the child is with the other parent. This is also useful for family members such as elderly parents. The card has the ability to be a security key into an electronic health application. It isn’t the only consideration, it is a good start.