Banking system may be a model for medical record storage

“There?s a whole major movement in this country to see how we can move information from one network to another,” she said. Questions include how to secure the information and protect the patient?s privacy, but she said the biggest issue is, “Who owns the information? Is it the patient, is it the doctor who makes the diagnosis, is it the insurance company who paid for it?”

In an article published recently in the IBM Systems Journal, Ball proposed a private-industry standard where patients control who can access their information, and how much.

The system could pay for itself by mining nonidentifying data to sell to researchers, drug developers and private industry, Ball said. It would also cut medical costs and duplicative procedures, such as when someone in an emergency room needs to access an X-ray or MRI stored in another hospital?s system.

The Health Information Management Systems Society meeting in New Orleans this week is expected to take up the issue with an Inter-Operability Showcase, demonstrating the secure transfer of information from New York to Louisiana.

The loss of personal records raised concerns in Baltimore and Southern Maryland when sensitive information, including Social Security numbers, disappeared from Johns Hopkins and St. Mary?s Hospital in Leonardtown.

St. Mary?s executives recently notified 130,000 patients that a laptop with personal information was stolen from the hospital in December.

Hopkins sent notice Feb. 7 that a courier misplaced backup computer tapes containing data for 52,567 former and current employees as well as 83,000 patients.

Neither case involved medical information, and officials at both hospitals are contracting private recovery agencies to try to find the data.

How to secure a regional or national network is the key, Ball said. A combination of computer and physical security and tough legal penalties for stealing or mishandling data should work, she said.

[email protected]