Healthcare IT: How safe is your patient data?

March 17, 2006

Massive security breaches are a wake-up call to tighten up your computer defenses. Here's how.

Last December, someone smashed the window of a car belonging to an employee of Providence Health System in Oregon and stole computer backup tapes and disks containing records of 365,000 home health patients.

In an age when organized crime traffics in pilfered Social Security numbers, incidents like this put a chill on the growing movement to computerize patient data. The same technology that can save lives and money can also create opportunities for privacy violations on a massive scale. After all, it's hard to imagine identity thieves finding 365,000 paper charts in somebody's car.

Jumbo breaches in computer security also plague the rest of society, but when the wrong eyes are looking at your medical history as well as your Social Security number, there's even more cause for angst. And healthcare IT has had plenty of scary mishaps besides the one in Oregon over the last 12 months:

And maintaining the privacy of electronic patient data isn't just a challenge for doctors and hospitals. An article in Consumer Reports noted that HIPAA allows providers to share data with healthcare-related businesses, which could misuse this confidential information, or let it slip into the wrong hands.

Although surveys show most Americans believe that EHRs will improve medical care, they also worry about showing up in the next stolen laptop. According to a Harris Interactive survey, while 48 percent said the expected benefits of EHRs outweigh the privacy risks, 47 percent said the opposite.

These are sobering numbers for the healthcare industry as well as for the Bush administration, which envisions a national health information network, or NHIN, that connects doctors, hospitals, and patients. For all the fear of identity theft, though, a society that loves ATM machines and online shopping isn't likely to return to paper records.

So the challenge will be to reduce privacy risks to an acceptable level. Penalties like the one levied against Kaiser will pressure healthcare organizations to clean up their data act. So will lawsuits filed by identity theft victims and recent state legislation that mandates more safeguards for consumer information. Two proposed federal bills are also under consideration.

Healthcare IT safeguards are a work in progress

An hysterical attitude toward the vulnerabilities of electronic patient data doesn't help matters, though. After all, dramatic privacy lapses also occur in the paper world. In April 2005, for example, thousands of Cleveland Clinic hospital bills blew through downtown Cleveland after they fell out of a delivery truck.