Are you are a security professional charged with protecting patient records maintained by your employer such as a hospital or medical insurer?
Then don’t miss Sarah Rubenstein’s April 29th round-up in The Wall Street Journal of the issues and most egregious recent breaches involving poorly protected medical records. (Sarah’s article is also useful if you are simply concerned about your own digitized medical records and issues of personal privacy.)
Most of the media attention in recent weeks about patient records has focused on a few Hollywood stars who allegedly had their records and their privacy invaded in Los Angeles. There has been at least one indictment since Sarah’s article, based on evidence that some of the information may have been sold to the media itself.
But the problem for those who guard those records is only going to get much bigger as hospitals and other health care institutions begin complying with the industry’s determined press to adopt electronic records for patients – making access quicker and easier in a crisis.
The intent of the industry initiative is to give a sharp and final shove to Luddite medical doctors and hospital bureaucrats who keep vital medical records on unprotected scraps of badly filed paper … and who have traditionally refused any and all reasonable attempts to master contemporary data recording and retrieval systems.
But the transition to digits is creating security nightmares of its own.
And the problem, says Sarah in her April 29 article, goes well beyond celebrity records in Hollywood hospitals: “In a spate of recent security lapses at hospitals, health insurers and the federal government, private information on hundreds of thousands of patients, ranging from Social Security numbers to fertility-treatment and cancer records, has been compromised.”
Security professionals in the health care industry need to keep on top of potential vulnerabilities in this field, but they also must be aware of changing privacy rules in the industry, largely driven by the provisions of the Health Insurance Portability and Accountability Act (HIPAA).
Sarah also provides some links that are useful in learning more about the law … and how all of us can better guard the guardians of our records:
Health Care Privacy Project
http://www.healthprivacy.org/
Detailed information on federal health-privacy laws
Patient Privacy Rights
http://www.patientprivacyrights.org/
Privacy toolkit that includes a form to request your medical records
Privacy Rights Clearing House
http://www.privacyrights.org/
Tips on identity theft and dealing with a security breach.
World Privacy Forum
http://www.worldprivacyforum.org/
Tips on medical identity theft
– Tom Goff
Subscribe Now
AddThis
Nick Catrantzos + Tom Goff
- All Secure
- NICK CATRANTZOS is the lead author of the All Secure website and is the emeritus security director for a large public organization. He has also managed security aspects of corporate takeovers, response to international hostage situations, and finding and keeping secrets. He has been board certified in security management, licensed as a private investigator, and certified as an incident commander. He worked as a case officer for a discreet branch of public service. He protected stealth technology at Lockheed and, later, as a consulting security director for both Kroll and Control Risks, he assisted executives with workplace violence cases and with protecting VIPs and critical assets globally in volatile areas. Nick's partner, TOM GOFF, was a captain in the Military Police Corps, U.S. Army Reserve and has a law degree from the University of California at Davis. He is a former reporter for Fortune Magazine, was senior editor at New York Magazine and Esquire, and has provided crisis and communications counsel to senior executives at Fortune 500 companies, including Lockheed, ARCO, Microsoft, Nissan, and Sony Pictures.