Saturday, October 31, 2009

Data Storage Laws and Electronic Medical Records

Rules surrounding data storage are becoming more and more important as we become a more digital society. The BBC reports that Microsoft senior vice-president Brad Smith is calling for international trade laws around data storage.

Apparently different countries have different rules around how long data must be stored and when it must be destroyed. This can become a confusing issue to navigate for companies offering data storage to an international market. Should they follow the data storage laws of the country that the consumer inputted the data from or the country the data is being stored in?

Rules around data storage also complicate electronic medical records, which some hail as the next technological revolution in medicine. Medical data is completely confidential, so many would argue the idea of storing the data outside of the country is preposterous. This takes away the complexity of having two sets of laws around the storage of the data; however, it means that we cannot take advantage of cheaper rent and maintenance fees found by establishing data centers in foreign countries. Keep in mind that having these data centers within our borders does not really make the data more secure. Hacking only requires accessibility and if the data center is connected to any kind of network on the internet, its physical location has no influence on its security. So does it really make sense to demand that medical data is stored within the country?

Considering laws regarding how long medical data must be stored, we currently have rules around how long paper medical charts must be held by a physician. Would these rules be the same if/when we move to digital records? Digital records are much easier to manage than their paper counterparts, so it may make sense to store them indefinitely, or at least for a longer period of time. This would certainly be of added benefit in research. We could learn a great deal if we had over 40 years of patient data to study. Of course, this is only true if researchers gain patient consent to view the data.

As data storage becomes a more frequent point of discussion in politics, I think we will see health officials begin to weigh in on data storage policy, at least with regards to how data storage affects health care.

1 comment:

Joel Sivi said...

Medical data is completely confidential, so many would argue the idea of storing medical records outside of the country is preposterous. This takes away the complexity of having two sets of laws around the storage of the data.