Computers, Privacy & the Constitution

Storing Medical Data in the “Cloud”

-- By AmaneKawamoto - 30 Apr 2013


An increasing number of medical institutions are using online storage services to record their medical data. In the context of online data storage services in general, there are already various discussions regarding their risks, the liability of related parties, and other issues. In this paper, I would like to consider the appropriateness of storing medical data in the “cloud”, taking into account the special characteristics of medical data.

Special Characteristics of Medical Data Storing

(a) Sensitiveness

Among other things, medical data is one of the most sensitive types of information, and thus more secure data protection is required. This sensitiveness of data makes medical institutions hesitate to adopt online data storing, which has a risk of large-scale information leakage. Yet, here I would like to introduce one episode that actually occurred in Japan. After a huge earthquake and tsunami destroyed hospitals in north-eastern Japan on March 11, 2011, lots of binders of medical records had also been left out in the open along with other debris. We have to understand the vulnerability of the traditional method of data storing when we discuss the risk of leakage.

(b) Importance of Availability

It is obvious that medical data relates to people’s lives and it is a vital concern that our medical data should be available when in need and should not be lost. In order to keep the availability of data and not to lose it, storing data in more than one place is beneficial. Here, I came to know another episode in the 2011 Earthquake. While other hospitals were suffering from data loss after being hit by the quake and tsunami, one hospital, which had shared its medical record with another hospital, could continue using its data. It is true that storing information in several places increases the security risk of the data, and there is a trade-off between availability and privacy. But we should not forget that availability of medical data, which leads to our lives, can take precedence over privacy.

(c) Urgency

As we learned from the experiences of the 2011 Earthquake, the incident which causes the loss of medical data is the very same incident which requires such medical data immediately. Online storing of medical records will be able to assist medical rescue teams in providing safe, prompt and efficient treatment for disaster victims even if their community hospitals were destroyed.

(d) Sharing

Medical data can be used more effectively when it is used beyond the border of hospitals. If we can unify our medical data scattered among many medical institutions, we would be able to get more efficient medical care (e.g., avoiding redundant medical examinations and medication). We would be able to avoid drug incompatibility by easily keeping track of past medication. Online data storing makes it convenient for medical institutions to share medical data. Also, sharing information reduces the chance of occurrence of errors while transferring information.

(e) Costs

In countries like Japan which provide nationwide public health care insurance, reducing medical cost is the vital concern of taxpayers. By promoting sharing of medical data beyond hospitals, we can reduce our medical cost by avoiding redundant medical examination and medication.

All of this could have been put economically in a few short sentences, leaving more room for thinking.

Some Remaining Issues

From the analysis above, although there is a concern about privacy issues, storing medical data in the “cloud” will provide benefits both to patients and the general public. Yet, there are some remaining issues. One is the succession of data when a cloud vendor goes into insolvency. Since this issue is hard to handle by contracts between a cloud vendor and its customer, it is necessary to establish a legal system which enables the transfer of stored medical data safely and smoothly from an insolvent cloud vendor to another vendor. The second issue is that there is no effective remedy once confidential information has leaked out. Although this is not an issue specific to medical data, leakage of medical data causes a more serious problem due to its sensitivity. Maybe we need a new type of remedy to remove leaked confidential information.

This is not a very satisfactory account of the subject. Almost all the space is used on an inefficient discussion of the social properties of medical data. The rest is a jumble of thoughts about "cloud storage" that don't really engage the current technological realities. It's possible that the Japanese national health service's view of medical informatics is as unsophisticated as you seem to be suggesting, or that their lawyers are as ignorant of how such contracts with outside parties would be drawn. I hope not. The governments I deal with directly that run comprehensive national health services, including the US government at the Veterans' Administration, are way past this point. No doubt the Japanese civil servants are as tightly in bed with the dominant relevant businesses (Sony, Fujitsu, NEC, etc.) as they usually are. Security of EHRs through end-to-end encryption would be a feature of any contemporary design for storage solutions anyway. Where all accesses to EHRs are logged, as they are in any modern system, data leaks don't come from within the system. Health records leak through criminal corruption of employees or businesses, to which the nature of storage location is irrelevant. So if this is what concerns government IT planners, they are horribly misinformed, which I seriously doubt.

You don't discuss what seems to me to be the real question: Why isn't the patient the person who controls the storage of the health record? The important thing is to have the EHR where the patient needs it to be, which is where the patient is, or wants the record to be. "Cloud" or "Not cloud" is far less important than "I control the data about me," or "They control the data about me." Technology merely implements in one way or another a fundamental power allocation. Why don't you discuss this question? Surely it is not invisible.



r3 - 14 Jan 2015 - 22:44:49 - IanSullivan
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.