The NSA's Prism and Your EHR: More Alike than You'd Think

June 24, 2013

The NSA appreciates the importance of context. Do you? Does the EHR at your medical practice?

This week continues a discussion about data, context, and information.

The primary reason that today's EHRs disappoint is that they emphasize data collection, and data alone are essentially meaningless. You might suspect that these distinctions are merely "technical" details that only impact those developing computer systems. If so, you would be wrong.

Recent events having nothing to do with EHR or computer science make it abundantly clear that our American way of life is threatened because the general public does not understand these concepts.

Prism (if you don't know by now) is the code name for a classified program under which the NSA accessed the central computer servers of nine U.S. Internet companies, extracting e-mail, audio, and video chats, photographs, documents, and other material. Prism came to light earlier this month as a result of reporting by the Washington Post, the British Guardian, and the Electronic Frontier Foundation. The next day it became a lead story everywhere. Writing in The New Yorker, Jane Mayer said: "Dianne Feinstein, a Democrat from liberal Northern California and the chairman of the Senate Select Committee on Intelligence, assured the public earlier today that the government’s secret snooping into the phone records of Americans was perfectly fine, because the information it obtained was only 'meta[data],' meaning it excluded the actual content of the phone conversations, [logging only]... who called whom when and from where."

Metadata is one form of what I have been calling context; specifically, it is data about data. While data alone (such as an actual phone conversation or the number 12) is relatively meaningless in isolation, the metadata or context can be meaningful without the data. Metadata can reveal patterns, and patterns can be informative. Assume that the context of the 12 (above) indicates that it is a breathing rate, measured at such and such a time. If we know that the frequency of breathing rate measurements being made on a patient was abruptly increased, that alone, even without knowing the actual numbers, would suggest that the patient's condition had worsened acutely. Similarly, knowing who called whom, the times, and locations could establish that individuals are converging on some location for some reason.

Mayer continued: "So how bad could it be? The answer, according to ... engineer Susan Landau (the author of 'Surveillance or Security?') is that it’s worse than many might think. 'The public doesn’t understand ...,' [that] metadata... [is] much more intrusive than content." To restate this critical concept: Metadata (context) alone is more informative than content (data) alone.

Consider this: Those with an agenda, the NSA or your EHR vendor, are happy to exploit the relative ignorance of the customer - the senators and members of Congress in the case of the government, and you and your management in the case of EHR. The NSA can dismiss the metadata (the contextual material) as something of so little consequence that an oversight committee need not worry about it. Your EHR vendor can fail to tell you that their EHR is nothing more than a simple-minded data collection device, with a few "templates" thrown in, that does not capture enough context to make the data useful.

Capturing context requires different, often more elaborate, potentially expensive preparations than merely capturing data. The NSA has undoubtedly spent billions on Prism but, since their budget is "black," not many probing questions are ever asked. Had they been, the magnitude of the expenditures alone would raise a question about how something unimportant (the metadata) could cost so much.

There is no simple fix for your EHR that will transform a data-collecting EHR into one that captures context in a useful way. Knowing that, would you still be willing to plunk down a couple of billion for one of these babies?

Knowing that would burst the feds' balloon, which was inflated by the assumption that the available EHRs justify a massive expenditure on a national scale. By minimizing the importance of context, those who would lie or deceive have found a way to tell a truth (legalistically) while actually misleading by not putting the truth (data) in context. John Cassidy, writing in The New Yorker, agrees in his piece "N.S.A. Scandal: God Save Us From the Lawyers." It is still true that while figures may not lie, liars figure.

The take-home lesson: Understanding data and context is really important.