A Little Law Lecture

I have been asked to give a lecture at the University of Houston Law school about PHRs and HIPAA.

I originally hooked up with the law program there because they publish interesting things on the collision of Open Source and Healthcare IT law, an issue that I care about.  Now I am being invited to talk about PHRs, HIPAA and other interesting things at a Law class. When I was a student I loved it when a speaker brought notes, so that I could focus not on the information content of what he was saying but the validty of his arguments. Apparently (ironically really) I am qualified to talk about things that I blog about, so I wanted to point out some of the medico-legal topics I have covered in my various posts, in some kind of formal way. I hope this benifits others.

But first, I must invoke that wonderful acronym of amateurism IANAL.I am not a legal expert at all, no matter how smart I sound. This is OK because I am much less concerned with how the law does work, than with how the law should work. I think of the law as “applied moral philosophy”, which means that I can ignore lots of the legal issues especially when it is stooopid. When you think the law in a given area is stoopid, like our copyright law, (at least Colbert knows) then you respond with licenses that make some kind of sense, like the GPL or Creative Commons. I am not really an expert in these licenses either, but I am shocked at how often legal experts totally trash the concepts that our community was trying to protect when we wrote these licenses. For instance I have heard file-sharing compared to Creative Commons and Open Source as similarly respectful of copyright.

I care about Free and Open Source licenses in Healthcare IT. I also care about user agreements and PHR privacy statements. So lets dive right in.

First when everyone else was in an uproar about Google Health and Healthvault not being covered by HIPAA, I came to their defence. PHR systems should not be covered by HIPAA and that is a good thing. 

I wrote an article on the difficulty of designing software around healthcare privacy laws.

I have written a pretty snarky little post on the definitions of the terms PHR/EHR/EMR, do not have much to say about that except that these terms are still abused by people who sell stuff. Its much more important to consider a feature set in when defining a term like EHR.

As I prepare for this lecture I wish I had written more on the “Robots attack” problem, where average people have unreasonable fears about technology, but I have talked some about how we focus on the wrong class of problems, with regards to security threats.

I have not yet talked much about the evils of health IT patents. But I should.

So hopefully, talking a look at all of this I should be able to come up with a good talk.