The road to electronic health records is lined with data thieves

August 5, 2011

The following is a guest post by Reuters contributor Constance Gustke. The opinions expressed are her own.

The future of your personal health information involves gigantic Internet-driven databases that connect you to doctors, health information and services no matter where you are and what time it is.

With a big push from President Obama, who wants secure electronic health records for every American by 2014, many health insurance companies, hospitals, private practices and pharmacies are already delivering some patient portals using these records as a backbone.

It’s the future of medicine, says Dr. Raymond Casciari, chief medical officer at St. Joseph Hospital in Orange, California, but for now, he adds, “We’re still in the dark ages.”

The portal approach is intended to be beneficial, letting you share key medical data instantly with your family and consult with specialists on another continent. It’s supposed to lower healthcare costs and provide better services. But the data being stored is sensitive and so far it isn’t very secure, say experts. So it’s important to know how your medical information is being shared and managed, especially as access explodes.

Dr. Deborah Peel, a psychiatrist and founder of Patient Privacy Rights, is dubious about patient medical privacy on portals. She believes that data breaches can have harmful effects, including medical discrimination. “Today, we can’t see who uses our electronic records,” she warns. “And they can be back-door mined.”

How? One patient can generate 10,000 pages of hospital electronic records in just one week. In that time, many different entities, like pharmacies, credit brokers and data clearinghouses, access that data. Yet only 10 percent of all hospitals lock down their data, according to Peel. And ongoing Health and Human Services Department (HHS) investigations have found dozens of data breaches in systems run by large hospitals in New York, California, Illinois, Texas, Massachusetts, Georgia and Missouri. The upshot is that healthcare technology lags behind many other industries like banking.

Security for the current slate of public portals can vary widely. Microsoft HealthVault gets high security marks from Patient Privacy Rights, for example, but WebMD got only C marks. And many others aren’t rated.

And patients can put their information at risk at home, too, using unsafe computers that may not be secure, says Peel. “This is the wild west in terms of how data flows,” she says. “Assets are roaming on the open ranges. And the rustlers are out foxing us all.”

So who are the rustlers? They’re data miners who use medical data to build profiles, along with identity thieves and other fraudsters. Medical records are a gold mine of personal data, including Social Security numbers, names and birth dates, along with financial and medical information. “This data is the most valuable information of all,” says Peel. “It shows everything about you.”

Even more dangerous, stolen medical data can damage your healthcare. “There could be more healthcare discrimination,” says Judy Hanover, a research director at the Massachusetts-based research firm IDC. She adds that providers need to do more security audits to prevent any data breaches. “They’re behind in realizing risks,” she says.

One word of warning: government regulation is weak. The Health Insurance Portability and Accountability Act signed in 1996, which covers patient privacy, doesn’t offer enough protections, says Peel. While HIPAA does give you some control over your medical data — you can decide that you don’t want other entities to access your records, and you can theoretically find out who has viewed your records — no system can completely track access.

Advocates like Peel are trying to strengthen privacy rights, and HHS currently tracks privacy breaches on its site. Currently, there are 281 cases listed, including hospitals, doctors and insurance companies that reported large data thefts, losses and other breaches. For example, HHS found that Massachusetts Eye & Ear Infirmary and Kaiser Permanente Medical both had medical data thefts.

Ultimately, your first line of defense rests with your doctor, though, says Peel. To thwart breaches, pepper your doctor with questions. How will my data be transmitted? Will it be encrypted? For assistance, you can also download a question form at Patientprivacyrights.org.

Also, start slowly when using today’s iteration of patient portals. Begin with medications you’re taking or a recent diagnosis you’ve had to see how well the process works. “And talk to your physician about the process along the way too,” Dr. Casciari adds, because, “Right now, portals put more information at risk.”

