Wednesday, November 02, 2011

Privacy, Please?

Anon commented on my last blog post about clinical uses for Siri on my new iPhone:
"From the details in your contacts, it knows your friends, family, boss, and coworkers. "

That was from Apple's web site, regarding Siri. If you are using Siri for clinical purposes, know that Siri tells Apple everything. Siri--usly, how do you protect patient confidentiality if Siri/Apple knows so much? Sure, paper files can be stolen, so can cell phones. E files are vulnerable to all sorts of breaches. But what would you do if your iphone 4S fell into the wrong hands with all that clinical related stuff on it? Not quite the same as asking Siri where the closest dry cleaner is.
I find it kind of interesting what people worry about.  I have hundreds of contacts in my phone.  My husband is labeled no differently than my co-workers, than my friends. than my patients.  I'm not sure what it means to have one's iPhone "fall into the wrong hands."  I live in Maryland, so I'm not sure what Apple in Cupertino would do with my information, maybe send iPhone advertisements to my contacts? 


The issue of clinical information is  something I hadn't thought about.  I downloaded an app yesterday specifically for GoogleDocs, and it imported all my documents.  We wrote our book on this, so every chapter and every revision is now accessible on my phone, not to mention my posts for Clinical Psychiatry News and an unpublished novel or two.  I downloaded the app so I would have the option to dictate patient notes.  This would leave clinical information potentially accessible via a cloud or on the phone.  I'm not sure it's all that interesting.  My notes are usually pretty boring.  But I did think that I would print them and then delete, rather than have to deal with keeping charts in order in cyberspace.


I guess I find it interesting that people worry about issues of confidentiality with total strangers in places where it's hard to imagine a use for what is likely to be pretty boring information.  On the other hand, we live in a world where electronic medical records now exist in all types of venues.  I work at a large hospital.  I can access the records of any patient seen there, and if I go to a physician there, his notes about me will go onto the EMR. At this juncture, outpatient psychiatry notes are not on the EMR, just a record of the fact of the appointment (which does say "community psychiatry," and the psychiatrists add their medications, but this will change soon, I'm sure, and psych notes may well be part of the hospital's coming new system.  The patients are not asked, and the doctors they see have access to all records without getting prior permission.  There are very specific rules about whose records a healthcare worker may look at, and people have been fired for looking at their neighbor's records, but someone has to catch you.  This means that a patient would have to ask someone with access to the system to see who had accessed their records, realize that one of those people was not someone involved with their care (Hey, that's my new boyfriend!) and then complain to the hospital and initiate some type of complaint (I think).  There is nothing inherent in the system that prevents one person from looking at the medical records of their coworkers, boss, ex-husband,  or even their doctors, aside from their own conscience and the fear of being caught (and reprimanded).  At this point, and for this reason, I have chosen not to get care at the institution where I work.  


Our state is also working on a system, called CRISP, that lifts medical records from all providers to a centralized system.  You can opt out, but you don't need to opt in: do nothing and your healthcare information goes in.  I opted out, and I got a letter telling me they would keep my information in case I changed my mind.  Wait, so presumably my doctor will be feeding my information into this cloud, without asking my permission?  I don't really know how this will work-- from the shrink standpoint-- because no one has contacted me about putting my professional records into this system, and since my records are all handwritten on hard copy charts, I don't know how this would play out. 


Somehow we've come to think that electronic medical records will mean better care.  I could be wrong, but I'm not really sure why we think that.  It seems to me that the burden this will place on the physician to attend to the devices and the demands of this type of documentation, will consume time and detract from time with the patient.  As is, I've noted it takes about 5 times as long to send an e-script as it does to write a prescription, starting with the fact that the e-system my hospital uses logs me out every 7 minutes.  I'm told this can't be modified, and I'm not aware of any doctor who sees patients faster than every 7 minutes.  Secondly,  an electronic system is only as good as the information it propagates, and I've seen lots of mistakes in the electronic medical records.  The internist notes that the patient is seen by psychiatry and takes Restoril.  Wait, my patient is taking Restoril?  I didn't know this..oh, I think he meant Risperdal.  By my calculation, the number of lives saved by electronic information that is provided when the patient can't provide it himself, will about equal the catastrophes from the propagation of incorrect information.  


So I should be worried that Apple can see my contacts?  My brother, who is an original Caltech computer geek, told me recently that since I have a webcam, it's possible that someone could hack my computer and watch me through my camera.  At first, I was alarmed at the possibility, but then I thought about this for a moment and said, "Why would someone want to watch me type?"  Nothing that exciting is happening here.  Sometimes I don't wear makeup, here and there I stick out my tongue and lick my lips, and okay, in front of the computer, when I'm writing, I kind of talk to myself.  If this might interest someone...

I seem to have my own list of things to worry about.  That someone might hunt my patient information out from the cloud just hasn't yet made my list.