Recently, a friend of mine who is quite ill showed me a tool he is using to manage his health care costs. He logged on, entered his password, and voila, all his medications, some key medical data (blood pressure, blood tests, etc) and procedures popped up on the screen. He said the information has been invaluable in his on-going saga with the insurance companies and the endless claims, appeals, and re-appeals he’s had to submit.

When I asked him the source of such information, he said it was provided by health care providers to insurance companies who in turn contracted with data warehouses to store such information. I don’t know how he obtained it (since he is the patient), but he said in passing that such information was kept on all medical patients in such databases. While the information has been helpful to him, I was stunned to learn that all my medical information was being centrally stored and could be obtained by third parties.

When the Health Insurance Portability and Accountability Act was passed, Congress required HHS to implement regulations to protect the security and confidentiality of health information. This was 4 years ago. The problem is that HHS continues to delay and is not taking action to implement these regulations. Advisory groups have met, studied and recommended but no action has been taken. When we see a health care provider, we’re given some form that has some meaningless text about privacy and authorization to provide relevant information to third parties. But do we really know what that means? What choice do we really have to object to the sharing of such information? What rights do we have to see what information is maintained on ourselves or a family member?

We are too familiar with the stories of people hacking into databases. Nothing really seems impervious to such attacks. While we’re told to protect our social security numbers and other vital statistics, we know that for a fee such information can be readily obtained from third parties. I can think of nothing more personal or more private than my medical records. And given the broad scope of recently implemented homeland security legislation, including warrantless searches of US citizen, it concerns me that there is no such thing as privacy any more. What do you think?

On a somewhat related note, I recently perused Face Book. I admit I am not a user. I don’t have my own page, etc. Yet I was stunned at how much information people posted about themselves. There were photos, phone numbers, and email accounts. Then were there various ramblings about their lives and what they were doing, feeling, and planning. There was a lot of information about family members and friends and/or perceived enemies. The musings were similar to a diary.

While this information is supposedly "controlled" by the user, we know that such information gets passed around without the user’s knowledge or consent. I am amazed at how much private and personal information people seem willing to share. Especially for young people, do they realize that the information they post is "forever" available in cyberspace, and retrievable by some smart three letter agency’s software? Do you really want to post what you did during homecoming weekend only to have it retrievable 10 years later and perhaps made available to the public? To your family?

Privacy seems to be a very permeable concept these days. In the first instance, people may be accessing information that we’ve never imagined would be released to third parties. In the second instance, people think they’re sharing information about themselves, but only to a select circle, when in fact, its distribution is much broader. Should we be implementing new regulations? Should we be demanding new protection technologies? What do you think?