Technologies Specific to Health Care

Recommendation 5.2: The Department of Health and Human Services should support research in those areas listed below that are of particular importance to the health care industry, but that might not otherwise be pursued. These technologies offer greater immediate benefit to health care than to other industries for protecting privacy interests and require specific attention and funding by health-related government agencies and industry. They include the following:

  • Methods of identifying and linking patient records. Research is needed to find ways of indexing and linking patient records in a manner that protects patient privacy. The ideal scheme would meet the three criteria for privacy outlined in Recommendation 4. It would allow patient records to be easily indexed and linked for purposes of care and other purposes determined to be legitimate, while impeding inappropriate linkages. This research should also address the extent to which a universal identifier is needed to facilitate improved care and health-related research and to simplify administration of benefits.
  • Anonymous care and pseudonyms. Today, a patient who wishes to remain anonymous for purposes of care faces a number of serious disadvantages. For example, patients wishing to receive care anonymously must currently pay for health services in cash. More seriously, a patient wishing to be anonymous runs a serious risk when his or her medical history is on-line, although the content of that history may be critical to providing quality medical care. The use of pseudonyms or cryptographically generated aliases may mitigate this problem in the future. An alternative might be the use of narrative templates to restrict the use of names in blocks of narrative text; a record in which names occur only in a header, can be efficiently (and perhaps automatically) purged of identifying information. For patients with strong privacy concerns, smart cards containing their medical histories might present an acceptable alternative to storing data in a hospital database or larger community-wide system. Reliable techniques for linking patient records without specific patient identification may reduce the need for assigning patients unique, universal identifiers.
  • Audit tools. Audit trails are useful as a deterrent to improper access only if there is some possibility that an improper access will in fact be recognized as such. However, the collection of audit trails routinely generates enormous amounts of data that must then be analyzed. Automated tools to analyze audit trail data would enable much more frequent examination of accesses and thus serve a more effective deterrent role. For example, intelligent screening agents could be developed that would

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement