Home » Time Capsule » Currently Reading:

Time Capsule: Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously

April 22, 2011 Time Capsule 1 Comment

I wrote weekly editorials for a boutique industry newsletter for several years, anxious for both audience and income. I learned a lot about coming up with ideas for the weekly grind, trying to be simultaneously opinionated and entertaining in a few hundred words, and not sleeping much because I was working all the time. They’re fun to read as a look back at what was important then (and often still important now).

I wrote this piece in February 2006.

Joe Sixpack’s Concerns About Privacy and Security Need to be Taken Seriously
By Mr. HIStalk

Is it just me, or are we having a sudden epidemic of privacy and security breaches in health care organizations?

Quite a few examples have been reported in newspapers and on TV lately, including the embarrassing “backup left in the back seat” exposure at Providence Health System. Patients are angry, lawyers are salivating, and those organizations involved in such breaches are fixing the gate as the horse gallops away.

Consumer Reports joined the fray this week, expressing concern that our electronic systems may not protect personal health information. Not just from thieves, but from drug marketers and fundraisers as well (odd, I know, but that’s what they said).

Hospitals used to feel safe, rationalizing that much more attractive targets such as banks would receive hacker priority. Indeed, hacker-type security breaches that expose patient data are fortunately rare (medical information has little cash value and few willing customers, so we can’t take all the credit).

We in health care IT may believe that the biggest barrier to our obviously beneficial migration to electronic medical records is money. Outside our world, however, Joe Sixpack doesn’t give that a thought (he’s seen all those construction cranes darkening our hospital skies, so he knows we’re doing OK). He’s worried that his neighbors will learn his medical history, that his employer may fire him for poor health, or that his insurance will find a reason to deny him care because he is predisposed to need it.

Joe Sixpack understands stolen paper charts, but he doesn’t worry much about that. He knows thieves seldom bother, for the same reason they’d rather not steal pennies from a wishing well: it’s too much work and risk for too little gain. Electronic records are obviously more attractive. A single computer, backup disk, or unprotected server can hold thousands or even millions of medical records that are easy to carry and hide, attracting a thief who’s more interested in showing how smart he or she is instead of robbing a convenience store.

(And of course, there’s a good chance that the prospective thief is your own employee, as I’m sure you already know.)

Joe Sixpack might view your EMR project as unusually risky, despite liking the concept. He doesn’t know what precautions you should take, but he’ll hold you accountable if you are breached. Odd, isn’t it, that a physical break-in seldom reflects poorly on the company being victimized, but an electronic one immediately triggers outrage and disbelief?

Other industries already have electronic records, so their risk is lawsuits. Healthcare is just moving to electronic data storage, so our risk is greater. The implied threats could stall our efforts to get there.

I think we need to take quite seriously those concerns about privacy and security as we solve connectivity problems to support RHIOs and integration. That means money diverted away from much-needed functionality to hopefully never-needed security. The people sitting around the table need to come from all industries, not just healthcare. We’re fairly new at this security thing, after all.

Most of all, we need to pay new attention. When Consumer Reports is worried about health care security and privacy, that means a lot of Americans are worried. We need to reassure them that we know what we’re doing.

View/Print Text Only View/Print Text Only

HIStalk Featured Sponsors


Currently there is "1 comment" on this Article:

  1. What’s being reported today is just the tip of the iceberg. Regulators have no idea how to do their jobs and the health plans and hospitals know it.

    Frankly, I don’t see any point in putting in more regulations when the ones we have aren’t being enforced.

Subscribe to Updates



Text Ads

Report News and Rumors

No title

Anonymous online form
Rumor line: 801.HIT.NEWS



Vince Ciotti’s HIS-tory of Healthcare IT

Founding Sponsors


Platinum Sponsors


















































Gold Sponsors
















Reader Comments

  • Sigh: I wish I could go to a RoboRave instead of HIMSS....
  • DefinitelyNotADog: I'm pleasantly surprised to see somebody mention Carequality, as I'm used to folks looking the other way and pretending ...
  • Vaporware?: "Because they are the BIGGEST" Yeah, ZDogg, I like grinding axes as mush as the next guy, but Cerner is in the ballpa...
  • Vaporware?: Re: OIG Oversight for Cerner/DoD/VA Interoperability: They're kidding right? The DoD isn't hooked up to CommonWell, so n...
  • Mr. HIStalk: You are right - thanks!...
  • Flu Checker: I think the Spanish flu infected 1/3 of the world's population, not killed them....
  • Mr. HIStalk: A reader sent these in: Get on the early FIRST bus of the day, especially on Tuesday and Wednesday, and if your accom...
  • Obfuscator: I feel like someone at CDC had a really fun time making that chart....
  • Not buying it: ZDoggie seems to think hightly of some other 80s tech though... macOS is the second major series of Macintosh operati...
  • Eddie T. Head: Coffee Talk: ZDogg MD is neither a real dog, nor a real MD. Discuss amongst yourselves......

Sponsor Quick Links