Thursday, December 06, 2007

Privacy vs. Security

"Trust me, I know what's good for you."

When I hear those words, trust is the last thing that comes to mind. I think of wiley deception, one-uppance, playing me for a fool.

So what do you think, when a press release announces "Hitrust" - the Health Information Trust Alliance, an industry consortium comprised by huge business interests in the healthcare arena who have singularly and consistently desired to obfuscate transparency of healthcare costs: CVS Caremark, Highmark Inc., Hospital Corporation of America, Humana, Johnson & Johnson, Philips Healthcare, and Pitney Bowes? Do you think "security" when these companies collectively employ thousands and thousands of people who have access to your health information?

In a dazzling display of bureaucracy, we learned yesterday of this consortium's desire to "Build Greater Trust in the Electronic Flow of Information Through the Healthcare System" and spend tons of your money doing it.

Thanks. We need this. I feel so much better now, knowing that my health care information is "flowing" around cyberspace at the speed of light "securely" to insurers who want to deny my claims for healthcare. I feel so much better that a direct mail provider (Pitney Bowes) can target my "needs" more accurately and send my "mailstream" to even more prying eyes with profit motives to their shareholders in the name of "efficiency." I feel so good that hospitals can now more securely apply even more bill-padding to my hospital bill with even less transparency than before. And I particularly am happy that "privacy" will be separated from "security," as though these providers have relinguished their responsibility to my privacy in such a publically disseminated manner:
"Although 'privacy' and 'security' are often used interchangeably, they are distinct, but interrelated, concepts," said Kimberly Gray, Chief Privacy Officer, Highmark Inc. "Health information privacy in the U.S. today focuses on keeping personal information confidential, and privacy policy is generally overseen by government and regulatory bodies. Security, on the other hand, is the means and mechanisms to protect privacy and must be capable of quickly adapting to changes in the technology and industry landscape and is best left to the private sector. HITRUST is singularly focused on the latter."
You see? Privacy is not their responsibility.

So go ahead: trust me.

(Yeah, right.)


No comments: