[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Medical Data

In the public discussions about "medical data bases" and "medical account
numbers," the key issue is being missed. Namely,

Why can't patients carry their _own_ medical records, and disclose what
they wish to disclose to doctors and hospitals, as they see fit? Whether
implemented in a high-tech version, as a "smart card," or a low-tech
version, as a "dossier" (a file folder), the principle's the same.

(I'll get to insurance companies in a moment.)

There is little incentive (*) that I can imagine for any patient to
deliberately lie on his records, as such lying usually harms himself by
providing misleading information to someone who is trying to help him--I
mention this because presumably one of the reasons hospitals and whatnot
keep the records is fear that the records will be altered or not fully
reported. Medical records appear to be a perfect example of Chaum's
"selective disclosure of credentials," or even "credentials without

(* There is of course some incentive to lie or withold medical information
if the patient deems it invasive of his privacy, or something that he does
not want on records accessible to others. But in a _specific medical
treatment_, for example, he gains little by denying that he had measles as
a child, or that he has used IV drugs. Provided he can disclose this
information without being added to a data base--e.g., by using selective
disclosure of information (and not his name)--the incentives for lying are
small, possibly negative.)

Insurers would of course be worried about falsification of records. This
can be handled in several ways. Digitally-signed statements from hospitals
or test services could be required, depending on the policies of the
insurers--the holder of the files, such as the patient, would be unable to
fake or alter such records. Still, when one asks another party to make a
"bet" about one's health, which is what insurance of course is, it's not
surprising that they would want to see to independent verification of one's
assertions. This is largely separable from the issue of disclosing to
doctors and hospitals medical information.

The comparison that is often made between credit records and medical
records is flawed. Credit records are the items of data _from other
people_, e.g., the persons one has borrowed from, the landlords one has
rented from, etc. And with credit records, a person is often inclined to
falsify or withold items (though this is also solved partly with digital
signatures, though not perfectly).

(There are some interesting links with object-oriented programming, with
patient-objects able to maintain their own state. Not true of
creditee-objects, who are not the owners of the credit worthiness judgments
of others.)

This could be an area where actual progress can be made. While many people,
and regulators, have concerns about untraceable digital cash,  it is likely
that the _public_ would find it hard to buy the argument that patients
being responsible for their own medical records would be a dire threat to
the Republic! Thus, while carrying one's own credit record is mostly
unworkable, carrying one's own medical records is completely feasible, and
solves many privacy problems.

--Tim May

(I hope I fixed any scrambled paragraphs...my Mac crashed again (it's been
crashing several times a day, what with all the various semi-incompatible
versions of the Mac OS, extensions, new programs, etc., I have) and I had
to recover the text of what I'd been typing from one of those dreaded--but
very useful--"keystroke capture" programs.)

We got computers, we're tapping phone lines, I know that that ain't allowed.
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."