Big Doctor Is Watching

Several speakers at the security conference were concerned, however, about the potentially Orwellian effect of government micromanagement of data standards. Those standards might in some sense enhance medical privacy; they could also allow the government to access and use medical records more easily, because the government will have dictated the digital parameters under which the records must be kept.

"Before 9/11, we concentrated on how to protect consumer information," said Lance Hayden, business development manager for Cisco Systems Inc. "Now it's about how to get better surveillance. It's a complete shift in focus.

"The feds are driving the development of computer security from Echelon [the NSA program that listens to electronic communications worldwide] to HIPAA. The government is trying to pull together disparate systems of data sources and mine it for patterns and intelligence."

As a way of explaining, Hayden drew a line to represent what he calls a "continuum of surveillance." Post-Watergate laws, such as the Privacy Act of 1974, were designed to restrict the government's ability to gather personal information; they lie at one end of the line. "At the other extreme from the Privacy Act," Hayden said, "is the "panoptican' state, the total surveillance society. HIPAA falls somewhere in between -- it is the government saying, "We will monitor you.'"

Because the U.S. government sets many computer security standards and is the single biggest buyer of computer goods, the tech sector is, quite naturally, following the government's lead and money, and Cisco is no exception. The San Jose-based company is offering firewalls, encryption programs, and consulting services tailored to meet the HIPAA standards. Booz Allen Hamilton, headquartered in McLean, Va., was recently awarded a $3 million contract to train the U.S. military's 130,000 health care providers in HIPAA compliance. And the Bay Area-based Sybase Inc., which sells Patriot Act compliance software that monitors bank customers' transactions in real time for suspicious patterns, has just rolled out HIPAA Studio, a suite of medical-records software that, presumably, meets new NSA/DOD-developed security standards.

As Sybase's trademarked motto puts it: Everything Works Better When Everything Works Together.