Health records are very personal and they should be treated as such and I certainly don’t think of them in a cavalier manner at all but I personnaly believe that they would be better protected in electronic format in a system rather than floating around Doctor’s offices, labs, etc. The initial regulation of privacy are there – HIPAA, The Privacy Act, etc. they just need to be interpreted into a digital implementation similar to 21 CFR Part 11 (http://en.wikipedia.org/wiki/Title_21_CFR_Part_11). The subject matter experts will have to be the ones that work hand-in-hand with analysts, etc. to make this work. The critical part to this program will be the initial stages of analysis and definition, which is really before any real serious technology needs to be touched. There are many smaller, existing attempts and implementations that can be used as examples and would provide a great deal of information about the risks, etc.

There are certainly going to be those that will want access to the data, whether it is for some gain or just to see if they can. This is no different than any other major system and, as you know, technical measures have been around for some time to help prevent unauthorized access. Obviously, no system is completely secure, no system. The key is to make it too difficult to be worth the trouble and that can certainly be accomplished. Will there be mistakes, certainly, will there be breaches, possibly, but can you think of a system that doesn’t have that risk. All the more reason for a sound scope and direction as well as governance to ensure that if a security hole is found it is closed quickly.

What checks can we design and build into the system at each stage of development? We have to make sure safeguards are added to protect privacy and security, as well as integrity of the information. All good intentions aside, legislation cannot really protect us. It is still up to analysts, systems designers, and integrators to understand both the social impact and technical challenges, as well as maintain constant vigilance to protect the most sensitive of information. We of all people understand how systems can be violated technically, either by accident or intention. We cannot be cavalier in applying technology as if personal medical history are merely abstract data points and structured content. So I’m proposing a higher degree of project ownership.

We don’t have any margin in this case of underestimating the complexity and difficulty of bringing this to success. However, you may be correct in your optimism. Just as the Apollo program brought huge collateral benefits to the U.S., perhaps larger economic benefits beyond the electronic health records system itself are in the offing.

I understand where you are coming from, it is obviously a sensitive subject and maybe I am too much of an idealist but I believe there is a lot to gain. Plus, it is going to happen regardless of what you or I think so we may as well try and make sure it is done right.

The Apollo program, in 2005 dollars, cost $135 billion, and took about 10 years, 500k employees and contractors in NASA and about 20,000 private suppliers. The U.S. landed a man on the moon in the middle of the Vietnam War and the Civil Rights Movement, and the rest of the social upheaval of the 60′s. I was there. Kennedy set the goal, and Johnson and Nixon carried it out, but only because the citizens of the U.S. thought it was a worthy goal and paid for it with their taxes. That was 40 years ago this coming July. Velcro and Corningware, plastics, transistors, lasers, microwaves, fuel cells, even hydroponics and cardiac conditioning all fell out as byproducts, and changed lives in remarkable ways.

Do you really believe a program as personally invasive as an ubiquitous national health database – your innoculations, your gene markers, disease predispositions, surgeries, allergies, the number of flu vaccines you’ve taken, including a record of your travels before and after you took the flu shot so the CDC can track it, etc., that tells all to your employer, your doctor, and your insurance carrier, that is free of failure and fraud, that is fair to all, and that facilitates the epoch of glorious, radiant health will be a good thing that taxpayers will rejoice over, much less be remotely desireable, much, much less be fiscally and technically feasible?