Are Your Medical Records Safe?


By Eileen Feretic

Is the information in your medical records safe from prying eyes? Maybe ... maybe not.

In the "Electronic Health Information at Risk" study conducted by Ponemon Institute (www.ponemon.org) and sponsored by LogLogic (www.loglogic.com), 61 percent of the 542 IT practitioners in the surveyed health care organizations said they don't have enough resources to ensure the privacy and security of patients' records. Not only that, but 70 percent said that "senior management does not view privacy and data security as a top priority."

That's disgraceful! Will these executives wait until there's a data breach and thousands of angry patients threaten to sue them before privacy and security move closer to the top of their priority list? Unfortunately, that's probably the case.

And the shocking statistics continue: Fifty-three percent of respondents said their organization does not "take appropriate steps to protect the privacy rights of patients." And if you think HIPAA is going to protect you, think again. An equal number of respondents reported that their organization doesn't "take appropriate steps to comply with the requirements of HIPAA."

That means that more than half of health care providers don't safeguard our medical history, family health history, prescription drug use, Social Security number (which many doctors require), and any checking or credit card information we use to pay our bills. Going to the doctor may be good for our health, but it could be very bad for our identity, our privacy and our financial security.

The Ponemon report also points out seven threats to electronic health information: virus and malware infections, malicious employee attacks, data breaches, social engineering, organized cyber-crimes, regulatory challenges, and identity and authentication failures. Virus and malware infections (52 percent) and data breaches (49 percent) are the most likely threats to occur. The most severe threat, according to the survey, is posed by identity and authentication failures (58 percent), followed by malicious employee attacks (48 percent).

The Ponemon report states that "the prime culprit of major data breaches in the health care space is likely to result from insecure database activities." With the HITECH (Health Information Technology for Economic and Clinical Health) Act urging health care providers to adopt electronic health records, the industry must act quickly to strengthen security and privacy protections.

It's time to move this initiative to the top of the priority list--before the breaches, accusations and lawsuits begin.