Originally Posted by
jsnydcsa
Re: Privacy. Can't the patient always consent to sharing the patient's confidential info with the medical professional over a potentially "unsecure" communications method regardless of the communications method? If I consent to talk about something medically confidential with my physician on a public street corner (v. a private in-person examining room) or with me in Fiji and my physician in Finland, what's the difference? If I consent (granted, knowledgeable consent), what's the problem?
It depends on if you are sufficiently informed of the risks. You are unlikely to be talking to a doctor in public about your medical history regardless of if you give consent as that could be an issue for them in a professional sense (their certification authority could take them to task and even take away their credentials if the violation is severe enough). For the average citizen it's unlikely to escalate unless the person gets really compromised, but for medical staff, it could become a nightmare for tracking purposes (eg, you give consent, but is it between you and him? You and her nurse? Between the nurse and the doctor while out to grab a coffee, etc...) there can be so many scenarios that it is simpler to just limit it to the office. That's why in many places, if there needs to be a discussion of a patient, it's done behind closed doors.
Originally Posted by
jsnydcsa
Also, I've participated in Zoom's where somewhere on the screen it says something along the lines of "hosted over servers located in the US" (that's not a direct quote) which I presume is supposed to indicate that everything is "happening" so to speak in the US rather than all over the globe. Granted these were Zoom's involving only US-located participants (in multiple US States). But, maybe that's a potential indicator of stuff not being spread all over the globe.
For zoom, that was partly to avoid sanctions. Zoom was storing a huge amount of information in China. The concern was that the meetings/recordings could be accessed by the chinese government and considering that the data (initially) wasn't encrypted, private discussions would be compromised. That's why many tech companies have different rules for China (and presumably soon if not already) Russia. India is also moving towards that as well. All under the the guise of national security/privacy.
Originally Posted by
jsnydcsa
Finally, I have zero doubt that my medical records are hosted, reviewed and accessible in any number of data sites/call centres around the globe and that somewhere, I've tacitly consented to that when I scrawled my signature across a dozen+ forms upon arrival at a physician's office or hospital ER.
Actually that is a mixed bag. In the US (and the EU and Canada), the data is kept "in-house" and depending on the competency of the application and administrators, encrypted. If done properly, those that use managed service providers for the infrastructure will not provide the admin access to the data (so for example, a database admin in India will be able to manipulate the US-based database in terms of keeping it running, but will not have the ability to read the data itself). Additionally many of the large service providers have two teams, the remote team to do the day to day stuff and a slightly more privileged local team for more heavy lifting stuff.
Your data is somewhat protected (there are always exceptions) and there are access logs that are often reviewed (or supposed to be). I know up here, people who weren't supposed to view a person's medical records have been disciplined/fired for doing so.