VideoStealing Your Pain
Right now, anyone who wants to read your medical records probably has to break into a file cabinet and — far more daunting — attempt to read a physician's handwriting.
Surely electronic medical records (EMRs) will have more-sophisticated ways of keeping intruders away. But will firewalls and encryption be enough? Not necessarily, says James McCartney, an identity-management and privacy consultant at BearingPoint. "Are your records secure where they are now, on paper and filed away?" asks McCartney. "No. But in some ways, they will be more accessible and less secure online. We can't get rid of the breaches and the thefts, but we have to minimize them by setting high standards for protecting online medical records."
While the Health Insurance Portability and Accountability Act does address some facets of electronic recordkeeping, additional standards have yet to be spelled out by the government. In addition to identity thieves, who might use information they dig up to submit phony billings, "inadvertent disclosures of sensitive medical data" are also a concern, according to Eric Johnson, a professor of management at Dartmouth's Tuck School of Business. Johnson conducted a study last year in which he spent two weeks testing how much patient information he could get simply by using peer-to-peer file-sharing networks such as Morpheus.
His conclusion: too much. His haul of barely buried treasure included, for example, data from 9,000 patients — including Social Security numbers, treatment codes, and insurance details — from a single medical lab. He retrieved one spreadsheet with 82 columns of data covering roughly 20,000 patients. "Once we opened that digital door, and a hard drive was exposed, we found all kinds of frightening things coming out of the health-care system," says Johnson.
Health-care attorney Lori-Ann Rickard, managing partner of Rickard & Associates, handled a case in which a teenager's medical records were leaked, allowing his classmates to learn of his HIV-positive status. But Rickard, like Johnson, believes that the government's EMR push will create better safeguards. "With most new technology systems, it takes a while to get the kinks out," she notes. "So right now, most of what we are seeing are kinks." — J.H.
Reader CommentsDisplaying 2 of 2
Alberto Borges
May 3, 2009 4:30 AM ET
Lots of inaccuracies in this article...
Although this article does bring up some insight on why insurers want c-EHR systems, the article has a lot of … more
Jeff Neff
May 1, 2009 5:02 PM ET
Need help with a great idea
I have a patent on a system that will save thousands of life's and Billions of Tax dollars! Google or someone need to … more
Post a comment | View all comments