(I’m attending this conference at Harvard University and will do some live blogging here as the mood or content strikes me. One of my reasons for being here is to make sure I’m up-to-date on HIPAA privacy and security requirements and to get a reality check on the emerging issues.)

Yesterday’s session fulfilled most of my expectations of what a great conference can bring to exploring ideas and opening up new areas of inquiry in a topic - privacy - that is getting beat to death every day with  tired clichés. So here’s hoping today’s speakers will help get us to the same level.

7:40 am Set up at the Harvard Faculty Club again, plugged in, with good wi-fi. Coffeed up as well.

7:55 am (Marc Rotenberg) will overview the Electronic Privacy Information Center (EPIC) 2008 initiative to get privacy into the Presidential Campaign.

8:00 am This is a prime moment, and this is the first audience, to launch “Privacy 08″. How do you get an issue into the race? We want it to be a grass roots campaign rather than the policy paper approach. Well get a button and a cool logo. Met with representatives of the campaigns of both parties and positions have been written by both sides. Have even set up a Facebook cause and Twitter Privacy 08! Got a ‘Privacy 08′ internet domain and are planning events to raise awareness. Will be getting materials to the political party conventions, and then holding a Candidate Forum. Will also use YouTube and questions sought from online audiences to pose to candidates. Rotenberg reviews some of the questions already submitted that they will ask the candidates, such as, “Should US firms sell surveillance technologies to the Chinese government?”  “Do you believe that the Constitution limits the ability of the President to to conduct warrantless wiretapping?”

8:30 am (Jeff Rosen) What is the future of privacy? Is it dead or on the verge of a dramatic resurrection? The truth is more complicated. Citizens want contradictory things. They don’t care until their privacy is threatened then they care a lot. He sees 5 possible privacy Chernobyls:

• Behavioral Targeted Advertising: Leaking of that tracking data (Danger of being judged “out of context.)
• Search Terms: Massive Data Leak of search terms.
• Facebook: Not a privacy free-zone. For example -The Beacon scandal: Exposes your purchases to your friends without your knowledge.
• StarWars Kid: A private video was place of the internet without permission followed by much embarrassment (and a lawsuit).
• Ubiquitous surveillance: Public likes the “security theater” of public video anti-crime surveillance. Could move from ‘closed circuit’ to ‘open circuit’. Google live-feeding public surveillance video is a definite possibility.

9:00 am (James Koenig) Talks on the “New, New Thing in Privacy.” Five things to consider now!

• Impact on privacy associated with the slowdown in the economy - Business goals versus privacy goals when companies are under financial pressure. Resources to prevent privacy breaches may be pulled back. More aggressive marketing techniques may ignore privacy concerns. Privacy officials could be eliminated or downgraded.
• Global expansion for new markets and operations - Privacy rules and cultures are not the same. Lower safeguards and infrastructure in Asian countries. China does not have a lot of privacy law history but this is changing. Public pressure is building for a comprehensive China privacy law. Or what about the tougher European standards? What is a privacy official to do? You will need a fleet of lawyers if you want to create a uniform business practice and it is quite difficult to set up a coordinated business governance structure for privacy.
• New Identity Theft Techniques - Number 1 FTC complaint! Impacts 5% of the US a year. Credit card fraud etc. Much of it is from paper and knowledgeable insiders that cause ID theft events!
• New Health care information laws driving disclosures and other risks - Electronic medical records (EMRs), personal health records (PHRs) pose more risks for breaches of medical information. Privacy legislation is on the move in the US Congress as we see in new laws on genetic information.
• Class action and litigation relating to privacy - A definite building impact on corporate behavior.

9:40 am Panel of various speakers on privacy advocacy issues and challenges.

• Convincing officials, policy makers that privacy is not an obstacle but a way to move health information technology forward.
• Privacy law is largely administrative and regulatory. What if the agency has a bad record? Congress wants to move forward through statute. A challenge for advocates.
• HIPAA not necessarily always a good thing. Many say HIPAA is enough. No more. Nobody wants to go back there politically especially for those who want health IT to move fast. Entrenched health interest do not want to reopen privacy. They’ve adjusted and want to keep it that way.
• Fake (Synthetic) identity theft - Fake private information to get credit cards. Not a mainstream issue but an opening into the technology that allows for entry into real ID theft/privacy issues.
• Chief privacy and security official roles are changing - focusing on breach prevention and response.
• How to get market competition on privacy - Car companies now compete on safety. What about businesses competing around their ability to secure the privacy of your data?
• There’s a lot of independent characters in this field and they are not well funded. Privacy advocates are usually not represented in conferences like this one and have been totally shut out of the debate in Washington. They blame us for HIPAA. Do we threaten corporate and government interests?
• People need to see the nexus between privacy and civil rights. The debate  and convergence is evolving.

11:15 am (Ken Anderson,Representing Ontario Privacy Commissioner) “Privacy by design, build it in”. For example use privacy audits and privacy impact assessments. Transformative Technology: Make the technology work for you (for ensuring privacy). Take a pragmatic approach. How to transform video surveillance technology for example? Short retention time of video, frequency of privacy audits, ensure adequate oversight, prevent voyeurism by using technology that block/unblock face recognition.

(Need to break for lunch)

1:35 pm The afternoon sessions will focus more on security issues related to HIPAA starting with an introduction and overview (John Parmigiani).

Where are we today? We  have spotty compliance with HIPAA. Is 2008 a year for HIPAA enforcement? GAO and OMB scrutiny? OIG and CMS audits? New political pressures (new national election and health care reform) and state data protection laws are entering the mix. We have an increasing number of data breaches. Medical identity theft rising (est. 1,000,000 incidents in 2008). The usual suspects are insiders, but new “outside” threats for medical identity theft from abroad and various black markets selling medical IDs. Mobile devices, remote access pose their own challenges as does the changing regulatory landscape. EMRs, PHRs, Google Health, Microsoft HealthVault and the general push for E-heath present new security issues. Corporate governance is driving compliance as are incentives, patient safety and consumers themselves.

2:00 pm (Kate Boren) Talking about security issues in working offsite. Hard enough to do in-house IT controls without looking beyond. Management often would look the other way when it comes to offsite work - A head-in-the-sand approach. We have to be proactive to protect information. HIPAA requires the protection of all devices, media and their surrounding conditions. What about personally own devices, public kiosks, wireless networks, hotels, airports etc. Do you know who works offsite? How do you identify users? Who should own the devices or laptops? We’ve got to recognize the situation. There is considerably more risk when you go outside the corporate home. There are many vulnerabilities and threats to the confidentiality, integrity and availability of our sensitive information. We have to be aware of them and manage them. CMS security guidance came out in December 2006. We are still seeing 1 or 2 security incidents each month reported in the press regarding remote access/media.

Well that’s it for now. It’s been a terrific conference. Back to BAU — Blog as usual.

Image via Wikipedia

(I’m attending this conference for a few days at Harvard University and will do some live blogging here as the mood or content strikes me. One of my reasons for being here is to make sure I’m up-to-date on HIPAA privacy and security requirements and to get a reality check on the emerging issues.)

7:30 am The Plenary session today will start off in Harvard’s Memorial Hall in about a half hour. Miles Davis “Kind of Blue” album is playing in the background. Not bad.

8:00 am Ten Developments Transforming the Privacy Environment (Alan Westin)

1. The all-pervasive Internet 2.0
2. “Identity crisis” and data breaches
3. Social networking and video posting
4. The Blogosphere
5. Behavioral target marketing
6. The mobile revolution
7. Anti-Terrorist surveillance
8. Monitoring and photographing public spaces
9. Electronic patient health records
10. In the US, a growing culture rejecting privacy constraints

8:10 am (Westin) We need a new national privacy framework? Can we create one? What is the balance that society seeks? Europe is in the same situation. Things have changed, the ground has shifted. Most of the breaches have been in the health area. Existing law and voluntary policies do not cover these developments.

8:20 am (Westin) Future effects of these developments could include:

1. A national online privacy law and regulatory administration
2. Privacy code for mobile communications
3. Privacy code for electronic medical records
4. Privacy Act covering government electronic services and dissemination of public records
5. Federal identity management standards for the private and public sectors
6. Revision of federal anti-terrorist surveillance systems

8:30 am (Westin) We have a basically insecure data environment  marked by continuing data leaks and large-scale identity theft. A major troubling reality. We are entering a period of reflection on these issues.

8:45 am (Arthur Miller) A lot of lawyers and conservative judges looking for things to do. Once they find how to make money out of privacy issues they will be on your back. Now talking to audience members in a ‘Socratic Dialogue’ finding out who we are etc. Humorous touch.

8:55 am  (Miller) Litigation and regulation will be threats to organizations that are not on their game when it comes to privacy.

9:00 am (Congressman Cliff Stearns R-FL) Talks about the striking global differences between China and the US with US being individualistic (rights and privacy first) and China being more collectively oriented (people in lock step with each other).

ID theft is a major problem and legislation he introduced would have addressed this problem but it never reached the floor of the House. We are going at “glacial speed” with regard to privacy, in a sector by sector approach. Consumers are more vulnerable, and business is uncertain. We need a federal approach, and a comprehensive privacy framework. We must empower consumers and business with privacy tools. Privacy in the online world can be characterized as death by a thousand cuts.

9:15 am (Stearns) Discussing Google and other companies who track consumer information. What kinds of info is being tracked? What are they doing with it? Do consumers know what they are doing? Have they been notified? Need best practices to protect consumers. There are concerns about these big companies. We must be careful, of course, in how we go about creating these standards and regulations so as not to destroy the benefits of these technologies. We asked these companies about their privacy policies and their responses are available online. We also need better cyber-security and preparedness against cyber-warfare that we are witnessing now regarding Georgia and Russia.

9:30 am (Brian Tretick) Data is being held in a varied of objects and places controlled by a number of different people and organizations - a data diaspora. Need to discuss Rights and Obligations. Very difficult to answer privacy questions even for small organizations.Transformational technologies affecting privacy include:

1. Permeation of devices (smart phones, memory sticks etc - who owns the data? - blurring of work and home - who controls? Your employer?) There is the concept of “digital manners” as an example of non-user control of these devices. What are my obligations over these devices?
2. Devices will all have an internet address - Connected, location, time and condition aware. Who manages this? Expect more capabilities and proliferation of these devices. There will be new repositories of new information that you never had before.
3. Everyone will have their web “thing”. Social network sites, blogs, EMRs, web 2.0 stuff. Social networks moving into business, municipal wi-fi. People are making more predictive analysis and decisions based on the data on the web. Transformation of these web-based objects moving into this data diaspora. What, again, are my my organization’s obligations) over these things?
4. Utility Computing - Cloud computing - On-demand computing resources - it is the commodification of computing services. Who controls the info? Your organization is relying more on others. It stretches the legal aspects of these relationships. So how do I obligate my service providers? How do we address this continuity of obligations? Control and custody issues abound. What will the Cloud accept? We don’t have enough vocabulary to deal with this.
5. Outsourcing and out-shoring business functions. Who is monitoring this? Third parties often overlook these transactions. Business boundaries are blurred through the use of third, fourth, fifth parties. Who has control?

10:30 am (Deborah Peel) “HIPAA is an anti-privacy law.” Four million covered entities can share your information with each other AND their business associates without your permission. Privacy is not working. The route to progress is consumer consent. Americans want control. Her position is not radical, she says. What is radical is that the control over our medical information has been taken away from us. (She causes a little stir at the conference.)

11:15 am (Panel - Privacy prospects in the new online personal health record (PHR) world) Strong belief by the public in the value of electronic health records. Key issue in PHR adoption is consumer confidence. Policies and practices should be transparent to consumers. Consumers should be in control of their PHR information. We need companies to share their PHR privacy policies, and have the technological infrastructure to support these policies. Companies need to foster consumer trust in these new online tools. Many of these companies do not come under HIPAA. But there are other laws that go to the protection of this information. Need things like periodic privacy reports on your PHR. New federal legislation should not unduly restrict the adoption of PHRs. Mandated government solutions tends to inhibit technological innovation and make those solutions unwieldy. 50 different sets of privacy laws does not seem workable. 43 states now have breach of privacy laws. Some sensible federal preemption of state laws and balance is necessary.

(The morning sessions were terrific focusing on the ‘edge issues’ I wanted to get to regarding the emerging “new environment” for the privacy and security of electronic health information.)

1:45 pm (Lawrence Ponemon) Talking about the ‘Privacy Breach Index’ (PBI), a benchmarking tool measuring an organization’s response to an actual privacy breach. Compare and contrast your results to other organizations. In a separate survey we’ve found that most respondents give their organizations good marks for privacy but outsourcing negligence is rising. Organizations are not as proactive as they should be. Ponemon will be putting out a white paper on their findings from their PBI tool of organizations having a data breach in the last 24 months and what they did.  A ‘Privacy Trust Index’ is developed from the benchmarking tool. The PBI tool can be useful. Can be filled out online and they will score it.

2:15 pm (Daniel Solove) Talking about a new framework for understanding privacy. He has a new book in which he argues that the term privacy has lost its meaning. Why, in fact or theory, is a privacy problem harmful? This aspect of privacy is not always readily articulated. This makes privacy difficult to balance against other interest. How to conceptualize privacy? All attempts try to locate a common denominator, an “essence” of privacy. But these conceptions end up being either too vague, broad, or the opposite, too narrow. He thinks there are a lot of problems here. So we need a different way to think about privacy. He now begins quoting and using the philosophy of Ludwig Wittgenstein. Privacy problems, he says, resemble each other, but do not have ONE thing in common. Instead they share clusters of things, more like a ‘family resemblance.’ Also privacy notions have changed over time such as notions of bodily privacy or that of the ‘home’.

Solove concludes that ‘nothing is ESSENTIALLY private’. (Ahh, we see the postmodern viewpoint emerging here - my comment)

We then can turn to, say, social expectations or the specific information that is considered private, both of which are inherently bogged down with conceptual, legal and theoretical problems. So why not ask people? Well people will say that privacy is important, but will trade it away for minor conveniences. So let’s study their behavior, but that will only show that they give up their privacy. But what were their choices? It will give us a very skewed view.

Communications, for example, became private because we desired it. Solove asks, what do we desire in privacy? What do we want the laws to do? We can agree that we don’t want a dystopia. So why don’t we focus on actual problems or harms. He outlines his model examining and defining a number “harms” to the “data subject” that can happen when their privacy is violated. Solove sums up by saying we need to look at privacy in a more complete way if we are to create the balance with other society interests that we are searching for.

3:30 pm ( Panel on Privacy and Behavioral Marketing- Fran Maier) Consumers do not understand what is going on in this area. There is a lot of personalization that is valued. But how much is too much? Most (survey cited) consumers find it annoying and intrusive when it is not relevant to them. But consumers could accept a certain amount of advertising under certain conditions. Industry groups, consumers and legislators are starting to get together. We are working on coming up with rules on the tracking of our internet information, and behavioral targeting, such as ensuring the ability to ‘opt out’, for example.

Image via Wikipedia

I’m attending this conference for the next few days at Harvard University and will do some live blogging here as the mood or content strikes me. One of my reasons for being here is to make sure I’m up-to-date on HIPAA privacy and security requirements and to get a reality check on the emerging issues. The Harvard Faculty Club  has wireless and the conference staff is very helpful. Good signs for the rest of the day.

8/18/08

7:55 am Hand out materials seem very thorough and on-line resources indicated as well. Good stuff.

8:10 am Attendees intro, impressive group of privacy compliance people from a variety of medical institutions. Some IT, HR, lawyers, consulting folks here as well.

8:15 am Course offers various certifications in HIPAA.

8:30 am HIPAA: “The right thing to do.” We are now into the overview of HIPAA as protection from discrimination as consumers of health care. Meant to guarantee privacy. It’s about policies, procedures and Business Associate Agreements.

8:35 am Now outlining the non-privacy aspects of the HIPAA law like insurance portability and health care fraud.

8:55 am Yes It was expensive to implement the transaction sets! A little HIPAA boosterism starting to surface in the presentation, a little idealism compared to the difficult reality of that experience.

9:02 am Going over national medical errors numbers, the uninsured — sort of a health care reform overview. Future is about innovation and integration of technology. Big HIPAA issue was the pushback from health care institutions. No HIPAA-in-a-box solution: must be reasonable and appropriate re the protection of health info as well as measurable and manageable.

9:20 am Really need 3 levels of ‘Business Associate Agreements’: one say for the office cleaners who have some/limited access to stuff on your desk etc - low risk level, some training and rules for them; Another level would be vendors and contractors where you store medical info for example - higher risk level, more detailed. Need a low, medium and high risk business associate agreements.

9:50 am Many states have stricter privacy standards than HIPAA. These statutes are allowable, of course, under HIPAA.

(So far presentation is going over typical HIPAA orientation material, nothing really new, but folks have a variety of questions that reveal a certain higher level sophistication of the audience. Should start getting into more depth soon.)

10:20 am Stuff still happens, but you have to do what’s “humanly possible” to protect medical information. It is “amazing” the number of people who have access to our information.

10:30 am How do you de-identify information? Remove identifiable information ( use HIPAA safe harbor method of 18 specific terms. Re-identification codes are allowed.) But there may be other items of course which would would identify the individual. So not fool proof. “Limited Data Sets” are also allowed for research.

10:45 am “Use” refers to how info flows within an organization under HIPAA. “Disclosure” refers to info transmitted outside the health care organization. Disclosures: routine, mandatory, non-routine, and incidental.

11:10 am Non-routine disclosures must be on the ‘accounting of disclosures’ available to the patient.

11:30 am I finally ask questions about the new national privacy framework now being developed in Congress, and of course my favorite topic, “privacy 2.0″. HIPAA is about ‘Privacy 1.0″ — institutions, professions and the privacy rules imposed on them. Privacy 2.0 is about social media and health information. Response is that HIPAA is a floor that has to be built upon. More to come.

11;45 am HIPAA is a process not an event. Now you are compliant . . . wait a minute . . . now you’re not. Things change everyday.

(So far we’ve only touched lightly on the more problematic aspects of HIPAA such as the risks that covered entities endure dealing with the seemingly endless ambiguity endemic to government guidance, regulations and laws.)

1;00 pm Patient can agree to get notice of privacy practices electronically in some cases.

1:40 pm HIPAA has a unique policy in regard to Psychotherapy Notes. It is not seen as a part of the medical record and has special rules for disclosure.

1:50 pm Back to Business Associate Agreements. Does Medicare Part D (Drug Benefits) trump the HIPAA rules when it comes to the the degree of monitoring of Business Associates?

2:10 pm “Hybrid Covered Entity” — may have functions that are HIPAA covered but others that are not. Can be separate procedurally but no need to separate physically. May have several regulatory agencies to answer to. HIPAA’s “Group Health Plan” designation may be one of these (employer and covered entity).

2;55 pm ‘Minimum Necessary’ HIPAA rule has pervasive effects on internal use when it comes to access management systems and job descriptions that are often more burdensome than managing external disclosures.(my comment).

3:25 pm On to HIPAA security rules!

3:50 pm Security oversees Confidentiality, Data and Source Integrity, and Availability to Authorized People.

4:00 pm HIPAA Security rules are comprehensive, technology neutral and scalable to all organizations. “One size fits all - satisfy the regs with appropriate approaches to every organization.

(Ok, good enough for today)

There’s a debate in literary circles as to what kind of a guy was Franz Kafka.  A recent biographical description sees him as an unexceptional student, a strong swimmer, an aerobics enthusiast, engaged three times, liked by his employer, promoted at work and other similar sorts of normal characteristics. Oh yes and he was author of seven books. This view flies in the face of his legend: mystery, alienation and an auger of the then emerging totalitarianism the world was to experience.

Now it seems that dogs are conjured up everywhere in Kafka’s writings.  Michael Löwy writes, for example:

For Kafka, the dog represents an ethical category — if not a metaphysical one. The dog is actually all those who submit slavishly to the authorities whoever they may be.

In this image, he is pictured with a dog. And most times a dog is, well, just a dog. Yet this is Kafka, and maybe a dog is something else altogether — as implied by his rather famous quote in my graphic above. Even this quote, which touches on some sort of philosophical and spiritual reverence for dogs, is misleading once you put it in literary context -it’s a dog speaking about his own dog nature.

At the end of his life, Kafka wrote a short-story, oddly enough called ‘Investigations of a Dog’, where he takes us through a dog’s search for meaning, which in dog terms, eventually equals food.

“I know that it is not one of the virtues of dogdom to share with others food that one has once gained possession of.”

The dog investigator asks, but dogs, he finds, admit nothing because the world of dogs, he discovers, is “pledged to silence”.

“Every dog has like me the impulse to question, and I have like every dog the impulse not to answer.”

So what can we ask the dog about the man in the photograph ? Was he a good friend to you? Did he feed you well, take you out for exercise? Did he talk to you, reveal any of his hopes or demons? Were you listening?

Yes we could ask the dog these questions and more, and try to get clarity on the debate over what kind of man Kafka really was. But the legend, I’m afraid, has beat us to the punch. Dogs, it seems, keep their confidences, and their food, to themselves.

Related articles by Zemanta

• Zadie Smith on Kafka

Image via Wikipedia

My personal review of TINYPASTE :

“This might be a useful app when you need more than the 140 characters that Twitter provides and space to drone on and on about something that could be said in just a few words if, in fact, you took the time to think about how to shorten your sentences and keep your thoughts organized in a way that is comprehensible to most of us, who, by the way, often have very little time to read the useless crap that typically comes from the long-winded, shallow minded, self-indulgent minions who form the pajama army and who can’t seem to argue their way out of a virtual paper bag but instead resort to name calling and gratuitous criticism that really comes from a distorted sense of their own importance which, my friends, masks an astounding and psychoanalytically pregnant Mt Everest of self loathing only to be matched by an abyss of talent or insight.”

Hmmm. This is fun.

Image via Wikipedia

The challenges of privacy 2.0 (see previous post) are here and now. From the Kaiser Daily Health Policy Report:

Physicians and nurses who maintain blogs are not taking sufficient measures to protect the identity of the patients about whom they write, according to a study published last week in the Journal of General Internal Medicine, the Los Angeles Times reports. For the 2006 study, author Tara Lagu — a Robert Wood Johnson Foundation Clinical Scholar and an internal medicine specialist — examined 271 blogs that were maintained by physicians or nurses.

The study found that about 65% of the blogs are written anonymously. The remainder included identifying names of their authors. About 45 blogs, or 17%, “included sufficient information for patients to identify their doctors or themselves,” the study said. About 42% of the blogs contained accounts of private interactions with patients and three blogs displayed photographic images of patients that easily made them recognizable. Despite only a few blogs including conflict of interest disclosures, 11.4% of the blogs contained postings that promoted specific pharmaceutical or medical device products.

Image via Wikipedia

Steve Talbott’s book Devices of the Soul: Battling for Our Selves in the Age of Machines is difficult reading, both for the truths embedded in it, as well as the tedious exaggerations he deploys in his scathing critique of digital technology, the internet and mostly all things virtual. Yet there is much to consider here, especially in his short, but poignant, chapter on digital privacy.

Some excerpts so you can get the drift of what he sees coming:

The battle for privacy, waged upon the fields of data, will be lost. . .

. . . the ideal of privacy gains substance only in those primary contexts where we know each other well enough to care. . . Lacking such contexts, we cannot win; we will be assimilated to the realities of our technology, where one data bit looks just like another and there can be no special protection for any of them.

Issues of personal respect don’t arise between packets of data, nor between information processing programs.

Rather we will have an endless contest between privacy-protecting software and privacy-invading software.

Within the global information system every piece of data is perilously close to being globally exposed . . .

If privacy is to emerge as a meaningful public value, it will be in the context of community involvement. Where else can we learn what needs respecting about each other, if not from a knowledge of the other person in particular and of the requirements of a healthily functioning community in general.

Here’s a simple principle to consider: if you are clearing the way for a new form of data transaction, or proposing some new mechanism for data privacy, then spend at least three times as much effort working towards a means for strengthening community outside those data contexts. Otherwise, you may well be helping to destroy the essenial milieu for any privacy worth having.

So how do we think about Talbott’s arguments when it comes to health care? Several challenges quickly come to mind.

• How do we sensitize large institutions that manage medical information to the concerns of the community? In other words, how do we get medical institutions to care?
• The emergence of ubiquitous computing in health care — RFID tags, remote sensing, medical surveillance and the like — presents special challenges when it comes privacy. Where is the community context for this technology?
• What about privacy in the 2.0 world, where health information divulged in one social media, is collected for say commercial use in another?

Health care, as I have said many times, is the poster child for digital privacy issues.

Image via Wikipedia

You’ve been collecting paper scraps of your medical history in that drawer for years now. And if you had any kind of life so far, you know that your oh-so-personal-and-private health care information is presently scattered all over creation. Now to be fair, you’ve dabbled at trying to put a personal health record (PHR) together, here and there, fits and starts. But that was just playing, tinkering with a neat program or web-service. As you moved on and realized what it would really take to get your PHR together, you said to yourself, as most of us do –”ahh, maybe later when I need it”.

Right.

Well, my friends the time has come to face up to the task. Google Health is calling you. Microsoft HealthVault is calling you. Hundreds of new PHR startups are calling you. Michael Moore is calling you. Geez, even your mother is calling you. Do your duty. Resistance is futile. So cowboy up to the job.

The time has come to get your PHR s**t together.

From a recent reseach study published by Inquiry ($$) using California data. A little wordy but worth a read:

Our findings show that manged care appears to have lost its ability to significantly reduce the rate of increase in hospital costs at least in the more competitive markets in which it was most effective at holding down costs in the early to mid-1990s. Our results from the early 1990s are consistent with both theory and prior evidence showing the combination of more competitive hospital markets and high managed care penetration resulted in price competition that effectively held down costs. Our more recent data reveal that these relationships changed in important ways since the managed care backlash. High managed care penetration no longer is associated with lower cost growth — and may even be associated with higher cost growth — in the most competitive markets, indicating that the synergistic effect between managed care penetration and hospital competition to hold down hospital cost inflation no longer exists.

We are witnessing a shifting of the battle ground over the cost of health care. Not sure whether anyone but scholars and health care wonks realize the growing impact of this change in the market’s ability to deliver effective economic checks and balances in the private health care sector.

Image via Wikipedia

Julie Deardorff of the Chicago Tribune writes on the the new health and fitness apps for the iPhone:

These programs can literally put all your health records—including digital images such as ultrasounds and echocardiograms—into the palm of your hand. Or they can administer eye exams or keep track of your calories and exercise.

We’ve talked about this before (here and here) but now the question is, will the the new ‘mobileme’ generation push the demand for the adoption of electronic medical records (EMRs) and personal health records (PHRs)?