Re: Part 2: System Structure

[Marcus Brinkmann]

At Thu, 18 May 2006 14:32:17 -0400,
"Jonathan S. Shapiro" <address@hidden> wrote:
> 
> On Thu, 2006-05-18 at 15:36 +0200, Marcus Brinkmann wrote:
> > At Thu, 18 May 2006 13:24:01 +0200,
> > Bas Wijnen <address@hidden> wrote:
> > > The hospital case is very special.
> > 
> > The hospital case can be summarized like this: "The law requires the
> > implementor to implement DRM.  How do you do it?"  Well, if that is in
> > fact true, then the right question to ask is not "How do we do it?"
> > but: "Is the law the right law?"
> 
> The answer to this seems fairly clear: this law (and its international
> equivalents) is a direct response to serious violations of patient
> privacy that occurred because management of data was not adequately
> controlled against insider (user) misbehavior.
> 
> You may argue (and I would agree) that the current law is too complex.
> This is not the fundamental issue. The fundamental issue is that there
> are many incentives for hospital personnel to "cheat", and the cost to
> the patient of recovering from such an illegal disclosure is very very
> high (in some cases, recovery is *impossible*). It has been demonstrated
> by existing practice that there is no practical means to police this
> behavior using social mechanisms. It has also been demonstrated that the
> courts and the social process of recovery is so expensive and so
> ineffective (even when the patient wins) that preemptive protection of
> this information is justified.

But the HIPAA regulation itself does not lead to preemptive
protection.  It is only if the regulation is enforced and actually
implemented that protection happens.  This requires exactly those
social mechanisms that you consider inadequate.

In an article "Justice Department Opinion Undermines Protection of
Medical Privacy", from 7th of June 2005, Peter P. Swire, who was
involved in the creation of the rule, says that "Industry pressure has
stopped HHS from bringing a single civil case out of the 13,000
complaints", and heavily critizes an opinion that "essentially makes
the privacy rule into a voluntary standard".

You can find the article at
http://www.americanprogress.org/site/pp.asp?c=biJRJ8OVF&b=743281

> In this case, you are being a bit short-sighted. You don't *need* to
> understand the details of the law. The summary is sufficient. What the
> law says, in essence, is that computational systems used in many medical
> applications must avoid disclosing information to unauthorized parties,
> and must exercise reasonable standards of diligence in enforcing this.
> The definition of "authorized" is contextual, and is determined
> primarily by checking who is providing care to which patient, and the
> role of that individual. Because there have been serious thefts of
> medical information by insiders, the standards of "reasonable diligence"
> include defending effectively against deliberate "insider" attempts to
> access unauthorized information.
> 
> When the best technology available is UNIX, many unavoidable errors are
> acceptable as "reasonably diligent". When a better technology is
> available, failing to use it appropriately constitutes lack of adequate
> diligence under the law. A system running Hurd -NG (as currently
> conceived) could not satisfy the test of reasonable diligence in this
> context.

Maybe.  But given the state of patient privacy protection of the US it
is impossible for me to tell if the problems are actually of a
technical nature.  It may be that once the social process is fixed,
which needs to happen anyway, the differences in the technical systems
may be negligable, and in any case what is the "better" technology is
a multi-dimensional question that includes protection, but also many
other issues.

Thanks,
Marcus