Personal health information and the lack of security surrounding it has caused quite a bit of buzz lately.
Take, for example, the accusation of former British Prime Minister Gordon Brown that reporters from The Sun (one of the British papers owned by Rupert Murdoch currently involved in the high-profile phone hacking case in Britain) gained unauthorized access to his infant son’s medical records and used that information to write a story about his son’s cystic fibrosis – information that Brown believed only his family and his son’s caregivers were privy to.
Or recent news that UCLA Health System in L.A. has agreed to shell out $865,000 to the federal government to resolve allegations that employees violated federal patient privacy laws by accessing the medical records of two celebrity patients. The health system has a bad track record with adequately protecting patient health information (PHI). It has been in trouble for employees leaking PHI related to Maria Shriver, Britney Spears and the late Farrah Fawcett, who reportedly set up a sting operation to prove to the hospital that one of its employees was leaking information. According to the public interest journalism site ProPublica.com, the US Dept. of Health and Human Services found that, between 2005 and 2008, unauthorized UCLA employees repeatedly looked at the electronic files of numerous other patients as well.
While – sadly - it’s easy to understand why an unscrupulous hospital staff member might want to make an extra buck alerting TMZ to the detail surrounding a celebrity’s labor and delivery, or hush hush plastic surgery, it’s also easy to discount as a problem of the high profile.
But stolen medical records and breaches of personal health information are not just problems that affect celebrities and politicians. They’ve been around almost as long as Rupert Murdoch.
From the patient’s perspective, it begs the question, “Can this information be used in a malicious way?” The answer is most certainly yes – identities can be stolen and credit scores destroyed.
From the provider’s perspective, “Why is this happening, and how can we prevent it from happening again?” At first glance you might think it’s a technological problem – not enough encryption, records are too easily accessible by any employee. But I say it’s more basic than that. Hire good, ethical people who take pride in their role as caregivers and respect the trust they establish with their patients.
Vendors should be asking themselves, “How can we bolster our products to ensure that providers and their patients don’t experience these breaches?” The vendor angle is one that I don’t have a ready response to. I’d love to hear from the Healthcare IT News audience in the comments below as to what you think are the technological solutions to this very personal problem.
Jennifer Dennard is Social Marketing Director for Atlanta-based Billian's HealthDATA and Porter Research.