See the full article at When a Palm Reader Knows More than Your Life Line.
Great story by Natasha Singer! Langone Medical Center in NY is trying to quickly solve a problem, but it’s NOT the problem of identity theft or medical ID theft (where someone impersonates you to use your health insurance to obtain treatment). As pointed out in the story, biometrics don’t protect against medical identity theft, because anyone can impersonate you using a fake ID and submit their palm prints and photo to Langone.
The problem Langone solved is how to reliably link every patient’s health records together, so the hospital staff can easily find them. Instead, patients should control and link their records, and selectively share the relevant parts with physicians and staff on a ‘need-to-know’ basis.
The Langone health technology system (like the majority of US hospitals) prevents patient control of access to sensitive personal health information. Instead it enables all physicians, nurses, and even admissions clerks to use palm prints and photos to pull up all your records, including sensitive data about sexual problems, marital therapy, STDs, addiction, etc. Joseph Atick correctly pointed out that Langone could instead use biometrics to put patients in control of personal records by allowing access ONLY when the patient is present and scans his/her palm.
Langone uses biometrics the same way social security numbers are used: to collect and link together all financial and personal information about individuals. We desperately need entirely different, trustworthy health IT systems that ensure individuals control their digital health identities and sensitive health data, not institutions.
Electronic health systems could work much like the way we control our finances online: we decide who gets paid, when, and how much, not banks or merchants. We can set up automatic payments and/or decide about transferring money on a case-by-case basis.
The US could have a trustworthy patient-controlled health IT system in 5 years. It will require:
- -building patient and physician portals (so we can connect with doctors and health professionals)
- -robust patient-controlled identity systems
- -the ability to download copies of personal health data into health record banks that do not sell or transfer our data without informed consent
- -strong new laws to restore our strong, longstanding rights to control health information in electronic systems
HIPAA and current technology empower government and institutions to control the nation’s health records. It’s high time to fix that.