Face it: Your health records will one day be a matter of public record

I just got done reading Lisa Vaas' coverage of another fumble in health data. This one hails from Canada where, according to Vaas' coverage in eWeek:

....on the evening of Nov. 20, a consultant employed by the Provincial Public Health Laboratory was contacted at his home office by an unidentified security researcher. The researcher told the consultant that he was in possession of patient information stored on the consultant's computer. That patient information includes names, MCP (Medical Care Plan) numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis...

I'm trying to imagine what it might be like to have just learned that you are HIV positive, perhaps looking to keep that information close to the vest, only to suddenly find out that the information was made public by way of some security snafu with one of the umpteen organizations/individuals that came into contact with your highly sensitive data. This episode involved a consultant who, by possessing a PC that had all the data on it, was violating some policy. It is eerily reminiscent of the 26.5 million Veteran's Administration patient records (including those of 2.2 million troops on active duty) that fell into the wrong hands (temporarily, thankfully) by way of an analyst who had the records on his computer.

It was only last week that the UK was reeling from another similar health data snafu. On the very same day that officials learned of the Canadian breach (November 20), the UK's HM Revenues and Customs agency was owning up to its loss of the "confidential details of 25 million child benefit recipients that had been stored on two computer disks."

The question these breaches bring to mind is the degree to which our confidential medical records can really be safeguarded. Given the number of people that have access to them, the path the data takes from one organization to another, etc. -- the idea that this information can be guarded as though our national security depends on it is a pipe dream. Although it hasn't happened yet, it will only be a matter of time before some huge quantity of confidential records is indelibly published to the Web in a way that cannot be taken back. These breaches will range from the inadvertent (honest mistakes) to the purposeful (e.g., disgruntled employees), and don't be surprised if some cases involve blackmail, zombie computers, and members of organized crime that are beyond the reach of the local law.

As much as I hate the idea, I'm beginning to accept the fact that my health data may one day be a matter of public record. What about you?

Talkback

34 comments
  • Way too verbose

    s/health data/data/

    As our government keeps telling us, privacy is an obsolete concept. Get used to it.
    Yagotta B. Kidding
    • You my friend are a..

      regex freak.

      David
      dberlind
      • Punster

        [i]regex freak.[/i]

        That's what she [b]sed[/b].
        Yagotta B. Kidding
    • So is freedom

      Our freedoms have been taken away constantly by government. We might as well get used to it. Might as well get rid of all freedom and accept serfdom.
      Free-BooteR
  • What village idiot takes this stuff home?

    There has been a lot of data lost because some village idiot takes
    a laptop home and it is lost or stolen. Why do they take the data
    out of the office? Do they consider themselves too important and
    deserve to take it home? Personally I'd move these yo-yos to a
    position that is less sensitive - handling a mop & broom seems
    like a good place for them to start with.

    As for data loss through a loss by a freight company, a law that
    provides very hefty fines and the financial responsibility for any
    loss suffered by those whose data was lost would go a long way
    in getting them to treat the data like it was gold - which in a way
    it is.

    Quite simply, there are insufficient requirements and
    responsibilities related to handling data outside of its normal
    confines. Too many people and companies are too casual with
    their responsibility in handling the data and will continue to be
    until the price of failure gets their attention in a major way.
    Ken_z
    • Where humans are involved...

      I don't think there's much that can be done about these incidents. Where humans are involved (and they invariably are), there simply is nothing that can be done to really ensure that this data will be kept private. The phrase "it's a jungle out there" comes to mind. The idea that this highly sensitive data is out there (data that a lot of predators would like to lay their hands on) and that it's so decentralized (as opposed to other similar data, like the data kept by the credit reporting industry which isn't really centralized but is far more centralized than the healthcare industry) really makes the data impossible to manage. Some data will get out due to sloppiness. Other data will get out as a result of nefarious activities, some of which will involve social engineering (the human aspect). It's inevitable.

      David
      dberlind
    • Maybe a village idiot that already sold the data

      . . . and just needs to have a laptop or a dvd 'stolen' to cover the fact.
      paron
    • The UK clangers was below an idiot

      The UK data loss was CDs put in the mail and not even as much as zipped with a password.

      Yet if I let data leak from a company I deal with, we can get fined so much we will be history.

      Just another reason why governments cannot be trusted with our personal data.
      tony@...
    • penalties?

      Interesting question about why someone takes the data home.

      Perhaps if the punishment is sufficient, people will scan their laptops for private info before bringing them out of the office.

      For instance, a guy's breach of security put the identity of 100,000 people in jeopardy? No problem, he simply PAYS for the full cost of monitoring their credit reports for 5 years, and for the full costs of restoring any identity theft problems of any of those 100,000 who have their identity stolen in that time. What, he can't afford that? No problem, the offender just becomes a serf until the debt is paid.

      Might cause a change in the casual treatment of the private data of others.
      boguscomputer
  • RE: Face it: Your health records will one day be a matter of public record

    I don't accept it since by definition it would make the release of health data acceptable. The goal should be to make the information available to health professionals while preventing unauthorized releases. I believe that the goal is achievable by focusing on privacy issues, but I don't believe that this will happen.
    John73
    • Statistics

      [i]The goal should be to make the information available to health professionals while preventing unauthorized releases.[/i]

      You've just let something like 10% of the world's adult population have access, and you think that it's possible to keep it from spreading [u]further?[/u]

      Two men can keep a secret -- if one of them is dead.
      Yagotta B. Kidding
      • The only way 2 men can keep a secret...

        is you bury both of them with it.
        mrOSX
    • Tight controls between health care professionals

      Oddly enough if you want one of your doctors to send some of
      his records on you to another doctor you have to sign a Release
      of Information. When I wanted copies of the reports from 2 CT
      scans I had to sign the ROI for them to give my information to
      me.

      The restrictions within the profession are, at times, a hazard. A
      friend of the family was called into Admissions to look at a patient
      who was agitated. The friend, an RN, was in the room when the
      patient turned purple - and she gave CPR until the ambulance
      arrived. It was only hours later that she learned that the patient
      was HIV positive. Both the patient and the friend were then in the
      emergency room together. The same withholding of information
      applies to hospital patients - you can't disclose HIV/AIDS to
      various health professionals. My wife (a Physical Therapist) just
      started considering that all patients were HIV/AIDS patients.

      The real issue of external privacy breaches will generally be
      related to idiots taking data from the office, or courier companies
      having a casual indifference to their responsibility.
      Ken_z
      • BSI

        [i]The restrictions within the profession are, at times, a hazard. A friend of the family was called into Admissions to look at a patient who was agitated. The friend, an RN, was in the room when the patient turned purple - and she gave CPR until the ambulance arrived. It was only hours later that she learned that the patient was HIV positive. Both the patient and the friend were then in the emergency room together. The same withholding of information applies to hospital patients - you can't disclose HIV/AIDS to various health professionals. My wife (a Physical Therapist) just started considering that all patients were HIV/AIDS patients.[/i]

        If you'll pardon me, [b]well, DUH![/b] -- that's the first thing we teach in emergency medicine, CPR, etc: your first step is Bodily Substance Isolation. No mask, no rescue breathing. If it's wet and it isn't yours, assume it's infectious.

        It's as much for the patient's protection as your own.

        For what it's worth, there's some serious study now under way looking into whether rescue breathing is necessary once you start chest compressions. Remember, you're [b]not[/b] legally obligated to risk yourself, so if you can't do rescue breathing safely you can still render aid without it.

        As always, IANAL. Consult a lawyer for advice that's worth listening to.
        Yagotta B. Kidding
  • RE: Face it: Your health records will one day be a matter of public record

    Frankly, I don't care. I have never understood the paranoia about people seeing my medical records. Way overblown. Fact is, if anyone REALLY wants to see them, they'll find a way.
    pegntim@...
    • You won't care until your Insurance Co. turns down your claim.

      The more they know the higher the risk your claim is denied... or you can't get insurance in the first place.
      leobrown
      • Insurance companies already have the info

        When you apply for insurance, you give the insurer the right to access all your medical records. They can get them directly from the providers or from clearinghouses. The only way to "hide" potentially damaging (from a premium or insurability perspective) health information is not to discuss it with any health professional, which is not especially useful if you are seeking health care. Each professional has a legal obligation to record what you tell them; otherwise, they are subject to loss of license or malpractice exposure. And if you try to hide information and the insurer finds out after you have been treated, it can void the policy and recover any payments it made.
        pegntim@...
  • RE: Face it: Your health records will one day be a matter of public record

    Just because it *MAY* happen, does not mean we should just sit back and take it! If something is important, fight for it!
    When we live in a world without prejudice, this will no longer be an issue, but alas, we are human and we judge!
    Crime happens every day, with this kind of attitude, all crime should be legal, just because we cannot prevent it.
    cnet@...
  • Don't let it happen!

    Digitized medical records will be used to discriminate against you by insurance companies and possible employers and others. There is NO benefit to healthcare from allowing electronic distribution of YOUR records. Your doctor can already fax them to any other provider if you give him written permission. Keep it the way it is to prevent loss of your privacy rights and to prevent more restrictions in your health and life insurance. Don't give hackers a chance to steal them if they become available for online distribution by careless insurers. Tell your congressman and senators you don't want this to become reality.
    noexpert@...
    • There is a benefit to digitized records

      Namely, if you get into an accident, they are unable to contact your doctor.... BOOM! They can just get your medical information online and use it to save your life.

      I am not worried about my medical records being online... what we more need instead of the paranoia over that is for there to be laws that make discrimination against people based on their health records for ANY reason illegal.
      Leria