Time Capsule: Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously

April 22, 2011 Time Capsule 1 Comment

I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).

I wrote this piece in February 2006.

Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously
By Mr. HIStalk

Is it just me, or are we having a sudden epidemic of privacy and security breaches in health care organizations?

Quite a few examples have been reported in newspapers and on TV lately, including the embarrassing “backup left in the back seat” exposure at Providence Health System. Patients are angry, lawyers are salivating, and those organizations involved in such breaches are fixing the gate as the horse gallops away.

Consumer Reports joined the fray this week, expressing concern that our electronic systems may not protect personal health information. Not just from thieves, but from drug marketers and fundraisers as well (odd, I know, but that’s what they said).

Hospitals used to feel safe, rationalizing that much more attractive targets such as banks would receive hacker priority. Indeed, hacker-type security breaches that expose patient data are fortunately rare (medical information has little cash value and few willing customers, so we can’t take all the credit).

We in health care IT may believe that the biggest barrier to our obviously beneficial migration to electronic medical records is money. Outside our world, however, Joe Sixpack doesn’t give that a thought (he’s seen all those construction cranes darkening our hospital skies, so he knows we’re doing OK). He’s worried that his neighbors will learn his medical history, that his employer may fire him for poor health, or that his insurance will find a reason to deny him care because he is predisposed to need it.

Joe Sixpack understands stolen paper charts, but he doesn’t worry much about that. He knows thieves seldom bother, for the same reason they’d rather not steal pennies from a wishing well: it’s too much work and risk for too little gain. Electronic records are obviously more attractive. A single computer, backup disk, or unprotected server can hold thousands or even millions of medical records that are easy to carry and hide, attracting a thief who’s more interested in showing how smart he or she is than in robbing a convenience store.

(And of course, there’s a good chance that the prospective thief is your own employee, as I’m sure you already know.)

Joe Sixpack might view your EMR project as unusually risky, despite liking the concept. He doesn’t know what precautions you should take, but he’ll hold you accountable if you are breached. Odd, isn’t it, that a physical break-in seldom reflects poorly on the company being victimized, but an electronic one immediately triggers outrage and disbelief?

Other industries already have electronic records, so their risk is lawsuits. Healthcare is just moving to electronic data storage, so our risk is greater. The implied threats could stall our efforts to get there.

I think we need to take quite seriously those concerns about privacy and security as we solve connectivity problems to support RHIOs and integration. That means money diverted away from much-needed functionality to hopefully never-needed security. The people sitting around the table need to come from all industries, not just healthcare. We’re fairly new at this security thing, after all.

Most of all, we need to pay new attention. When Consumer Reports is worried about health care security and privacy, that means a lot of Americans are worried. We need to reassure them that we know what we’re doing.

Currently there is "1 comment" on this Article:

  1. What’s being reported today is just the tip of the iceberg. Regulators have no idea how to do their jobs and the health plans and hospitals know it.

    Frankly, I don’t see any point in putting in more regulations when the ones we have aren’t being enforced.
