This post is by Gerry Gebel from Burton Group Identity Blog
Click here to view on the original site: Original Post
Blogger: Kevin Kampman
Last weekend, my wife and I conducted a whirlwind friends and family tour of western Washington State. Starting Friday morning in Seattle, we drove to Marrowstone Island, then to Glacier via Port Townsend, Deception Pass, and Bellingham. Saturday we drove to the top of Mt. Baker, then back to Tukwila. Sunday, we were off to Carnation (just east of Redmond) to visit a horse we helped the Cowgirl Spirit Rescue Drill Team save from slaughter. We met with Juliane and JJ, and turned out Bazkheno DaVinci (you thought only people had naming issues) onto a 20 acre lot with five other rescue horses. It is a sad situation that trained horses like Baz turn up at auction; sadder still that many of them turn up as someone’s dinner.
Sunday evening we had a fine Italian dinner with my wife’s family in Seattle; no pets were on the menu. I did have a conversation about the IT and business divide with one of my cousins, from a business perspective. More about that, later.
So, where am I going with this? Burton Group has been following identity, privacy, and electronic health records (EHR) for some time. In particular, the issues around liability and the potential for damages that could occur if patient records aren’t properly managed and protected. There are a variety of solutions coming to market to capture and maintain EHRs; some employers are mandating the use of these services. Microsoft and Google are making significant strides in this area, and Microsoft just made a significant acquisition of Sentillion that bolsters its health care portfolio. Even the government is in the act, providing substantial stimulus money for health records automation.
However, the record on these efforts is not encouraging. In a recent blog: Electronic Health Records: Are They Worth It or Not? by Robert Charette, the author cites research that indicates that while certain efficiencies may be realized by implementing EHR, larger concerns are surfacing about data mining of these records, primarily to benefit insurance and government entities. The blog goes on to state that EHRs may have little or no impact on the quality of or reducing the cost of health care. And, the risk remains that this information will be used for purposes other than originally intended. With the large government investment being made to implement these systems, the possibility exists that the investors, managers, and the government will ride roughshod over patient privacy unless powerful oversight over this information is established.
At dinner Sunday evening, we discussed an IT project that is being rolled out to meet an arbitrary schedule. This is in spite of misgivings on the part of business representatives about project preparedness and the potential impact of failure. The point was made that while the project had known issues, there was no one influential or powerful enough to stand up and question the current state of the effort. No one wants to take the fall. The horse is ready to run, so to speak, if only on three legs.
As part of our current research on governance, we are learning that strategic, shared perspectives about business value and risk throughout projects, programs, enterprises, and communities is frequently lacking. For a business, this is regrettable. When there are life-affecting issues at stake, this is clearly unacceptable. In these situations, governance may not be enough. Leadership skills, advocacy, and authority for those least able to protect themselves are critical. Whether it’s a new financial or patient records system, nothing less is acceptable. Once the horse (or EHR, or any other personally identifiable information) is out the gate, there is little likelihood of bringing it back.