Date: Sat, 25 Feb 1995 18:25:13 -0800 From: Phil Agre <pagre@weber.ucsd.edu> To: rre@weber.ucsd.edu Subject: symposium on medical records Date: Tue, 21 Feb 95 18:40:37 PST From: RISKS Forum <risks@csl.sri.com> Subject: RISKS DIGEST 16.83 RISKS-LIST: RISKS-FORUM Digest Tuesday 21 February 1995 Volume 16 : Issue 83 ---------------------------------------------------------------------- Date: Sat, 18 Feb 1995 18:28:29 -0800 From: Phil Agre >pagre@weber.ucsd.edu< Subject: symposium on medical records A symposium is coming up that has tremendous consequences for the privacy of sensitive personal medical records -- Toward an Electronic Patient Record '95, 14-19 March 1995 in Orlando, Florida. The basic idea is to put all of your medical records on-line in a centralized repository, accessible to any medical professional who needs them. This is great when the folks in the emergency room need your records in a hurry, but it's not so great when your records are also available to insurance companies and marketers, not to mention private investigators who are willing to push the law a little bit. Right now the outlook for serious privacy protections on computerized medical records is not so good. As a result, I think it would be excellent if any net citizens were to attend this symposium and report back to the net community. I would particularly direct your attention to a meeting of the Standards Subcommittee on Access, Privacy and Confidentiality of Medical Records, which is to be held on Sunday March 12th and will be open to the public. It isn't good enough for privacy to be protected by vague principles and guidelines after the systems have been designed. Privacy capabilities such as patients' control over their personal information must be built into the technical standards, and if you can be in Florida in March then you can help out by informing the net community about the progress of those standards. More generally, the standards for a whole generation of privacy-sensitive systems are being set right now -- Intelligent Transportation Systems are another example -- and I think it's important for the net community to track the standard-setting process, publicizing problems and intervening to make sure that the new generation of standards makes full use of the new generation of privacy technologies -- especially technologies such as digital cash that are based on public-key cryptography. In the case of medical records, some of the people designing the systems actually are aware of the existence of these new privacy technologies. The hard part is making sure that real privacy protection is actually built into the standards despite the probable pressure of various economic interests to the contrary. The symposium is organized by the Medical Records Institute. MRI is on the Web at http://www.nfic.com/mri/mri.html. But I particularly recommend the 36-page paper version of the conference announcement since it includes information about the exhibitors -- valuable raw material for research by privacy advocates. MRI's e-mail address is 71431.2030@compuserve.com and their paper address is 567 Walnut Street, PO Box 289, Newton MA 02160 USA. Phil Agre, UCSD ------------------------------ End of RISKS-FORUM Digest 16.83 ************************
Lenny Foner Last modified: Wed May 17 23:07:47 1995