CS 3043: Social Implications of Information Processing: D-term 2010

Homework 2: Electronic Health Records / Electronic Medical Records and Privacy

H Due: Thursday, April 1 (no joke)
B Due: Friday, April 2
Scope: 1000-1500 words

Please refer to the sections about homework grading and writing in the main course web page.

Assignment Description

This is a very timely topic.

As part of the struggle to resolve the massive failures of the US health-care system, the Federal department of Health and Human Services has recently joined forces with the National Institutes of Health (there are other players, but these two are probably leading the pack), in the effort to rationalize certain uses of Information Technology in health-care. A major component is the topic of EMR & EHR. (The differences between the two are immaterial for this assignment).

The shallowness of the current level of IT use in an area consuming above 12-14% of our economy is no less than breath-taking.

There are many reasons for this situation and privacy concerns are an important factor. For better or worse, the country is gearing up to bring interoperable electronic health records into existence. Your task is to think, and write, about some related aspects.

Read the articles "electronic medical record" and "electronic health record" in the Wikipedia. While far from impeachable, they provide a good current overview, address the privacy issues, and, most importantly, reference quite recent good information sources for further study. You will need to read further; either from sources mentioned there or other suitable publications you can find, especially about some of the technical and legal issues mentioned there. The amount of material available is so large, and the time frame is so limited, that we urge you to exercise caution.

Assignment Questions

In your paper, answer the following questions:
  1. There are privacy aspects of EHR that are different from those we experience with any other sensitive information kept by organizations. What are they? Explain the differences, for example, from the privacy of your bank account.

  2. Suggest ways to ameliorate these particular difficulties by bureaucratic means, such as reducing the sensitive content of the records, or defining roles of certain categories of personnel in the health-care system, possibly on a need-to-know basis, to minimize information loss and hazard. Define the particular technologies used for prescribed purposes to counteract any of the risks, or any other organizational restructuring you can imagine and suggest. Analyze the possible approaches. Can these be adequate? If yes, argue for it, if no, explain your demurral.

  3. Suggest ways to ameliorate these particular difficulties by technical means, including, say, security protocols, encryption, just-in-time information availability, non-mobile devices, dispersion of information, or any other technique you believe can mitigate the genuine concerns you described in your first answer? What are the limits of what is achievable?


The problems are genuinely hard. We do not call on you to engage in technical or organizational wizardry, but mostly ask you to make clear your understanding of the privacy issues involved, and how any of the solutions you suggest interact with the context of EMR in our society, warts and all.

After you have done some reading, we suggest you discuss the issues, and the sources you have read, with other students in the class. Your submitted work has to be your own, but you can certainly test your ideas on your peers.

If you find it of interest, and you know a group of like-minded students, you can use it as a topic for the group-project, selecting some aspect of the problem (which need not focus solely on privacy issues).

This is a topic that if developed enough can sustain several such projects, and even, for future use, IQPs.