Powered by Blogger.

Medical data breach of the week - but your EMR data is secure, trust us, we're IT experts

Posted by izzy19 | 12:51 PM
,

I have written frequently about the pipe dream of secure national electronic medical records, such as in Febraury 2010 at my post "Networked EMR's and Healthcare Information Security: Practical When Massive IT Security Breaches Continue?", my post "Networked, Interoperable, Secure National Medical Records a Castle in the Sky?", as well as "Operation Aurora And a Widespread Reluctance to Discuss IT Flaws: Is Universal Healthcare IT Really a Good Idea in 2010?" and others.

I was also quoted on July 30, 2010, in a Philadelphia Inquirer story about the theft of a laptop computer with data on 21,000 patients from Thomas Jefferson University Hospital here, and also interviewed August 2 by local NPR station WHYY-91FM, where I stated:

"There is almost no excuse for unencrypted data to be sitting on any computer at a hospital or any organization," said Scot Silverstein, a Drexel University expert on health-information technology.

In the latest health-data-on-computer-theft-of-the-week, the Inquirer ran this story today about a local theft ten times as large as July's:


Medical-data breach said to be majo

By Jane M. Von Bergen, Inquirer Staff Writer, Thu, Oct. 21, 2010
A computer flash drive containing the names, addresses, and personal health information of 280,000 people is missing - one of the largest recent security breaches of personal health data in the nation


The breach, which involves the records of Medicaid recipients, is the first such Medicaid data breach in Pennsylvania since at least 1997, according to the state's Department of Welfare, which has oversight.

There is little more I can add to my prior postings on this issue except the words of privacy advocate, psychiatrist Dr. Deborah Peel:


The security failure, one of the several largest in nearly two years, involves nearly two-thirds of the insurers' subscribers. It became known only after The Inquirer requested information Tuesday evening. The insurers said the drive was missing from the corporate offices on Stevens Drive in Southwest Philadelphia. It noted that the same flash drive was used at community health fairs.

"That seems grossly irresponsible," said Dr. Deborah Peel, a Texas psychiatrist who heads Patient Privacy Rights, an advocacy group.

"Why would you be hauling around private patient information to a health fair," she said. "I can't imagine what they were thinking, taking this data out of a locked room at company headquarters.

"What's tragic is that this is a particularly vulnerable group of people," Peel said. "They tend to be vulnerable to identity theft, vulnerable to discrimination." Medicaid recipients are low-income people.


As to encryption (a built-in feature of the upper tier versions of Windows and of Mac OS X):


They [the companies] would not comment on the riskiness of taking the drive to health fairs, nor would they say whether the data on the drive was encrypted.

Highly likely translation: no.

[Did any employee have their "privileges revoked" -- the medical term of art for a physician who is 'fired' -- I wonder? - ed.]


Perhaps the executives in charge of this data, as well as the IT department, should read stories like the aforementioned July 30, 2010 story.


However, I fear there are those who are ineducable or hopelessly irresponsible when it comes to acting cautiously and responsibly regarding computer-based medical information, in the poorly bounded, complex, unpredictable world of healthcare.

That is not to even mention deliberate theft for personal gain.




0 comments

Post a Comment

Subscribe to: Post Comments (Atom)