Date: Wed, 06 Oct 93 16:59:27 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V3#053 Computer Privacy Digest Wed, 06 Oct 93 Volume 3 : Issue: 053 Today's Topics: Moderator: Dennis G. Rears Re: Clinton Health Care Plan The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- Date: Tue, 5 Oct 93 15:48:43 EDT Organization: National Institute of Standards and Technology (NIST) From: "Dennis D. Steinauer" Subject: Re: Clinton Health Care Plan Bill Murray writes: >> >> The bureaucrats response of choice in this situation will be a personal >> identity number and a massive data base. This data base will contain >> our most intimate personal information. It will be in the >> hands of government bureaucrats. If bureaucrats simply do what >> bureaucrats do, these tools will result in huge loss of personal and >> family privacy. While safeguards, may mitigate this to some small >> degree, and whether or not there is abuse, the impact will be major. >> >> This is a natural and unavoidable cost of this program. Before we adopt >> this proposal, we should understand this cost which we cannot avoid. I think it would be best not to be ratcheting up the sound level on the debate until more facts and details are on the table. I don't believe there has been anyone familiar with the president's plan who has said anything about a "massive database" with "our most intimate personal information ... in the hands of government bureaucrats" -- nor do I believe that one has to assume that such is implicit in any of the plan's elements. In fact, the president's reform plan retains a great deal of decentralization in order to foster information technology innovation. Nowhere does the president's plan dicate a monolithic approach to the use of information technology. Rather, it focuses on a rational and (much) less fragemented approach that has been the case to date. It focuses on data and system interoperability standards and encouraging technical innovation. It recognizes the need for information technology to address problems both in administrative processes (read "claims processing") and ultimately in clinical automation. The healthcare industry itself has recognized the critical need for leadership in providing standards (including privacy and security standards). To the extent that personal information is maintained in "the system" -- and it certainly will be -- the president's plan calls for clear, national privacy rights and standards of protection. It occurs to me that this is certainly better than the current situation, which has resulted in a patchwork of state legislation and, in effect, less assurance of medical privacy than one has over ones video rentals. (And, frankly, I think I probably have a better chance of controlling my privacy rights with "government bureaucrats" than I do private organizations such as "medical information bureaus".) Does anyone seriously think he as acceptible privacy of his or her medical information now? It seems to me that the president's reform proposal offers an outstanding opportunity to IMPROVE the state of privacy and security -- not the opposite as some people have suggested. As with other aspects of the current healthcare system, the worst thing we could do is nothing. Dennis D. Steinauer National Institute of Standards and Technology A-216 Technology Gaithersburg, MD 20899 USA DSteinauer@nist.gov BTW -- The "Card" isn't likely to be a smartcard, massive memory card, or other such thing -- at least not for a long time. Indeed, it probably won't even be the SAME card in all ares. The president's plan, in line with the approach of encouraging technical innovation, initially calls for a minimal machine readability capability (read "mag strip"). ------------------------------ End of Computer Privacy Digest V3 #053 ******************************