Home » Time Capsule » Currently Reading:

Time Capsule: Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously

April 22, 2011 Time Capsule 1 Comment

I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).

I wrote this piece in February 2006.

Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously
By Mr. HIStalk

Is it just me, or are we having a sudden epidemic of privacy and security breaches in health care organizations?

Quite a few examples have been reported in newspapers and on TV lately, including the embarrassing “backup left in the back seat” exposure at Providence Health System. Patients are angry, lawyers are salivating, and those organizations involved in such breaches are fixing the gate as the horse gallops away.

Consumer Reports joined the fray this week, expressing concern that our electronic systems may not protect personal health information. Not just from thieves, but from drug marketers and fundraisers as well (odd, I know, but that’s what they said).

Hospitals used to feel safe, rationalizing that much more attractive targets such as banks would receive hacker priority. Indeed, hacker-type security breaches that expose patient data are fortunately rare (medical information has little cash value and few willing customers, so we can’t take all the credit).

We in health care IT may believe that the biggest barrier to our obviously beneficial migration to electronic medical records is money. Outside our world, however, Joe Sixpack doesn’t give that a thought (he’s seen all those construction cranes darkening our hospital skies, so he knows we’re doing OK). He’s worried that his neighbors will learn his medical history, that his employer may fire him for poor health, or that his insurance will find a reason to deny him care because he is predisposed to need it.

Joe Sixpack understands stolen paper charts, but he doesn’t worry much about that. He knows thieves seldom bother, for the same reason they’d rather not steal pennies from a wishing well: it’s too much work and risk for too little gain. Electronic records are obviously more attractive. A single computer, backup disk, or unprotected server can hold thousands or even millions of medical records that are easy to carry and hide, attracting a thief who’s more interested in showing how smart he or she is instead of robbing a convenience store.

(And of course, there’s a good chance that the prospective thief is your own employee, as I’m sure you already know.)

Joe Sixpack might view your EMR project as unusually risky, despite liking the concept. He doesn’t know what precautions you should take, but he’ll hold you accountable if you are breached. Odd, isn’t it, that a physical break-in seldom reflects poorly on the company being victimized, but an electronic one immediately triggers outrage and disbelief?

Other industries already have electronic records, so their risk is lawsuits. Healthcare is just moving to electronic data storage, so our risk is greater. The implied threats could stall our efforts to get there.

I think we need to take quite seriously those concerns about privacy and security as we solve connectivity problems to support RHIOs and integration. That means money diverted away from much-needed functionality to hopefully never-needed security. The people sitting around the table need to come from all industries, not just healthcare. We’re fairly new at this security thing, after all.

Most of all, we need to pay new attention. When Consumer Reports is worried about health care security and privacy, that means a lot of Americans are worried. We need to reassure them that we know what we’re doing.

View/Print Text Only View/Print Text Only


HIStalk Featured Sponsors

     

Currently there is "1 comment" on this Article:

  1. What’s being reported today is just the tip of the iceberg. Regulators have no idea how to do their jobs and the health plans and hospitals know it.

    Frankly, I don’t see any point in putting in more regulations when the ones we have aren’t being enforced.







Subscribe to Updates

Search


Loading

Text Ads


Report News and Rumors

No title

Anonymous online form
E-mail
Rumor line: 801.HIT.NEWS

Tweets

Archives

Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Reader Comments

  • Fourth Hansen Brrother: In the history of paper based charting, there were apparently plenty of instances of gang bangers entering hospitals and...
  • PM_from_haities: Pretty sure in the history of paper based charting a terrorist never came in took over a hospital and locked the filing ...
  • iPharmD: Justin Box needs to apply for immediate entry to The American College of Informatimusicology http://www.acmimimi.org/...
  • Leroy: I get that CHIME has to make money, but the question is how much is enough. I think the Associate Membership is a good i...
  • PC: More like 30,000 athena docs checking their contracts for the termination for convenience clause......

Sponsor Quick Links