Online Health Records: What's the Big Deal?
Lately there's been a lot of talk about privacy and safety concerns regarding online health information. This morning I read an article on CNN's Web site where the author was shocked to find her personal, private health information "on the Internet" (as she phrased it).
The problem I have with this phrasing is it's not exactly accurate. As both a writer and a former software developer, I see a huge difference between the terms "on the Internet" and "accessible through the Internet."
I'm well aware that I can access my health records through the Internet. I've been doing it for a few years now. I regularly go to my insurance provider's Web site to check my benefits and read the explanations of benefits. I go to the pharmacy's Web site and order refills for my prescriptions. To me, this is no different from going to my bank's Web site and looking at my statements and using their online bill pay.
But are there similar scare-mongering articles that say our bank records are available "on the Internet"? No, not lately. And that's my point here. For me, and possibly other people, when somebody says something is available on the Internet, it generally means it's available to more than just me. My bank records and personal health information are not available on the Internet. Rather, they're stored away on my bank's and insurer's computers, and I-and only I-can access the data through their convenient Web portal.
Indeed, when I started reading the article, I got worried that the author was trying to imply that our health records are out there for all to see. They aren't. The only way you can see them is if you set up an online account, just as you do with your bank.
In fact, the author says that her insurer said that the information can be removed from the Internet. As a software developer, I find this questionable. The data is sitting on the internal computers at the insurer, and this is the same computer where your records were stored before the Internet access was available. It's the same computer the customer service reps use when you call in with a question about your account. Rather, the way the data is made available through the Internet is through software running on a Web server computer. That software accesses the same data the customer service reps see.
So to say the data is "removed" is not accurate. Rather, what they're really doing is configuring your account so the Web server can't access it. But you know what? If you haven't signed up for online access, the Web server is already configured that way. It won't access your data until you specifically ask it to. And how do you do set it up to access it? By calling in with private information.
That, of course, is where the real concern is, that somebody could impersonate you and call in and set it up and access it without your knowledge. The key, then, is to ask the insurer to put a block so nobody can do that, and that the data never leaves through the Web server. Or, better yet, go ahead and get it set up before the identity theft does, and use a strong password, and change your password regularly.
But for me, disabling the access altogether is going overboard. We live in a digital age, and we can take means to protect our information by regularly checking our credit reports, our health records and our bank balances and make sure there's no questionable activity. And how do we do that? By accessing it through the Web. Times are changing, and we can choose to stick to the old-fashioned way where we do everything over the phone and through the Postal Service. But personally, I like the convenience of accessing my information through the Web, because I know the security is pretty good, and I can check it immediately without having to wait for it to come in the mail, and I know that the information is not available to everyone on the Internet.