Fog Creek Software
Discussion Board




Medical records offshoring

This article was in the San Francisco paper this morning, and I thought people here might find it interesting (and a little chilling):

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8G1.DTL

Summary: San Francisco hospitals hire offshore company for medical transcription services.  Employee of said company threatens to publish patients' medical records on the web uness she gets a blackmail payment.

Robert Jacobson
Wednesday, October 22, 2003

Working in Canada, our team actually carefully deploy the systems properly so that data from the States never leave the border. It requires you to have data center in two countries but it's the right thing to do. We have had to educated some of our clients about this placement of data (although some are aware of this already).

Hey guys, did you know your posts are submitted to a canadian cohost? :-)

Li-fan Chen
Wednesday, October 22, 2003

oh boy!

offbase
Wednesday, October 22, 2003

The big question is why didn't their contract include steep penalties for improper disclosures of protected health information (PHI)?  HIPAA requires that a health care entity have contractual agreements with their business partners specifically for the purpose of maintaining the privacy of PHI.  Even though Pakistan doesn't have HIPAA, they most certainly do have tort law and contract law and the contract should have included major penalties, enforceable under Pakistani law, for intentional malicious disclosure of PHI.

Matt Latourette
Wednesday, October 22, 2003

Because judges can be purchased with greater ease there than in the US. ;)

Flamebait Sr.
Wednesday, October 22, 2003

"Because judges can be purchased with greater ease there than in the US. ;) "

Judges can be purchased anywhere.  Human greed is not bound by nationality.  With such a favorable exchange rate, it should be pretty darn easy to purchase a Pakistani judge, if one wanted to.  I fail to see how corruption of the legal system is at issue here.

Matt Latourette
Thursday, October 23, 2003

Matt, even if Pakistani judges were pure as the driven snow, then suing the woman would be a total waste of time. Apart from anything else, she had no cntracutal relationship with the health care provider anyway.

Suing in another country is nearly always a bad idea, as the most obvious cases get junked. Ask the Philipinne government which tried to get some of the vast amounts of money Imelda Marcos owed them back.

As for corruption, Transparency International www.transparency.org publish an annual table of overall perceived corruption for 133 countries.

The least corrupt country in the world is considered to be Finland, and the most corrupt, for the third year running, BanglaDesh. Canada and the United Kingodm come joint 11th, and Ireland and the USA joint 18th, just ahead of Chile, Israel, France, Japan and Spain, in that order. Italy comes 35th, joint with Kuwait behind Botswana, Taiwan Estonia, Qatar and Uruaguay, and ahead of Hungary 40th, Saudi Arabia 46th, South Africa 48th and Greece and South Korea 50th, and Brazil and the Czech Republic 54th.  China and Sri Lanka (where in another Transparcency International survey 100% of respondents stated they or a close relative or neighbour had been extorted by the police in the last year) came 66th, (exactly half-way) ahead of Thailand and Turkey. India tied with Romania in 83rd place, just ahead of Russia and Mozambique. Pakistan came joint 92nd with the Philipines. Just in case anybody wishes to claim that corruption is a byproduct of the evil captalist system, may I point out that irredentionist Cuba comes 43rd and Libya 118th, and North Korea doesn't figure at all, presumably because there is no point in doing business there.

Stephen Jones
Thursday, October 23, 2003

We beat the Germans! Yessssss! I bet /that/ wasn't decided on penalties!


Thursday, October 23, 2003

I know someone who works in the medical transcription industry.  Medical records are routinely sent overseas (to India, usually), and the trend is to continue.  Quality is a problem, but getting better quickly.  No word on any privacy violations, but I'm certain it's just a matter of time.

You Sent them WHERE?
Thursday, October 23, 2003

The solution is to not put the name or SSN on the records. If you just have a record but don't know who's it is, it's worthless for blackmail. If they send the record out, they should generate a one time UID for the record.

pdq
Thursday, October 23, 2003

Matt, that's why I said easier to buy off.

I have no illusions that using leverage on a judge in one of the less corrupt countries is also possible. ;)

Flamebait Sr.
Thursday, October 23, 2003

"The solution is to not put the name or SSN on the records. If you just have a record but don't know who's it is, it's worthless for blackmail. If they send the record out, they should generate a one time UID for the record. "

In a former life, I built a medical records sharing system. There is a public health researcher who demostrated in a medical informatics journal that given an age, sex, and zip code, it is possible to positively identify a person without SSN over 80% of the time. If I can find the link, I'll post it here.

rz
Thursday, October 23, 2003

"Apart from anything else, she had no cntracutal relationship with the health care provider anyway."

That was exactly my original point.  The US healthcare provider is required by law to have contractual relationships with business partners that have access to PHI.  Why didn't they have one?

Matt Latourette
Thursday, October 23, 2003

Why should they have the zip code?

pdq
Thursday, October 23, 2003

"Why should they have the zip code? "

so that the patient can receive the bill.

rz
Thursday, October 23, 2003

*  Recent Topics

*  Fog Creek Home