Face it: Your health records will one day be a matter of public record
Summary: I just got done reading Lisa Vaas' coverage of another fumble in health data. This one hails from Canada where, according to Vaas' coverage in eWeek:....
I just got done reading Lisa Vaas' coverage of another fumble in health data. This one hails from Canada where, according to Vaas' coverage in eWeek:
....on the evening of Nov. 20, a consultant employed by the Provincial Public Health Laboratory was contacted at his home office by an unidentified security researcher. The researcher told the consultant that he was in possession of patient information stored on the consultant's computer. That patient information includes names, MCP (Medical Care Plan) numbers, age, sex, physician and test results for infectious diseases, including HIV and hepatitis...
I'm trying to imagine what it might be like to have just learned that you are HIV positive, perhaps looking to keep that information close to the vest, only to suddenly find out that the information was made public by way of some security snafu with one of the umpteen organizations/individuals that came into contact with your highly sensitive data. This episode which involved a consultant who, by possessing a PC that had all the data on it, was violating some policy. It is eerily reminiscent of the 26.5 million Veteran's Administration patient records (including those of 2.2 million troops on active duty) that fell into the wrong hands (temporarily, thankfully) by way of an analyst who had the records on his computer.
It was only last week that the UK was reeling from another similar health data snafu. On the very same day that officials learned of Canadian breach (November 20), the UK's HM Revenues and Customs agency was owning up to its loss of the "confidential details of 25 million child benefit recipients that had been stored on two computer disks."
The question these breaches bring to mind is the degree to which our confidential medical records can really be safeguarded. Given the number of people that have access to them, the path the data takes from one organization to another, etc. -- the idea that this information can be guarded as though our national security depends on it is a pipe dream. Although it hasn't happened yet, it will only be a matter of time before some huge quantity of confidential records is indelibly published to the Web in a way that cannot be taken back. These breaches will range from the inadvertent (honest mistakes) to the purposeful (eg: disgruntled employees) and don't be surprised if some cases involve blackmail, zombie computers, and members of organized crime that are beyond the reach of the local law.
As much as I hate the idea, I'm beginning to accept the fact that my health data may one day be a matter of public record. What about you?
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Way too verbose
As our government keeps telling us, privacy is an obsolete concept. Get used to it.
You my friend are a..
David
Punster
That's what she [b]sed[/b].
So is freedom
What village idiot takes this stuff home?
a laptop home and it is lost or stolen. Why do they take the data
out of the office? Do they consider themselves too important and
deserve to take it home? Personally I'd move these yo-yos to a
position that is less sensitive - handling a mop & broom seems
like a good place for them to start with.
As for data loss through a loss by a freight company, a low that
provides very hefty fines and the financial responsibility for any
loss suffered by those whose data was lost would go a long way
in getting them to treat the data like it was gold - which in a way
it is.
Quite simply, there is insufficient requirements and
responsibilities related to handling data outside of it normal
confines. Too many people and companies are too casual with
their responsibility in handling the data and will continue to be
until the price of failure gets their attention in a major way.
Where humans are involved...
David
Maybe a village idiot that already sold the data
The UK clangers was below an idiot
Yet if I let data leak from a company I deal with, we can get fined so mcuh we will be history.
Just another reason why governments cannot be trusted with our personal data.
penalties?
Perhaps if the punishment is sufficient, people will scan their laptops for private info before bringing them out of the office.
For instance, a guy's breach of security put the identity of 100,000 people in jeopardy? No problem, he simply PAYS for the full cost of monitoring their credit reports for 5 years, and for the full costs of restoring any identity theft problems of any of those 100,000 who have their identity stolen in that time. What, he can't afford that? No problem, the offender just becomes a serf until the debt is paid.
Might cause a change in the casual treatment of the private data of others.
RE: Face it: Your health records will one day be a matter of public record
Statistics
You're just let something like 10% of the world's adult population have access, and you think that it's possible to keep it from spreading [u]further?[/u]
Two men can keep a secret -- if one of them is dead.
The only way 2 men can keep a secret...
Tight controls between health care professionals
his records on you to another doctor you have to sign a Release
of Information. When I wanted copies of the reports from 2 CT
scans I had to sign the ROI for them to give my information to
me.
The restrictions within the profession is, at times, a hazard. A
fried of the family was called into Admissions to look at a patient
who was agitated. The friend, an RN, was in the room when the
patient turned purple - and she gave CPR until the ambulance
arrived. It was only hours later that she learned that the patient
was HIV positive. Both the patient and the friend were then in the
emergency room together. The same withholding of information
applies to hospital patients - you can't disclose HIV/AIDS to
various health professionals. My wife (a Physical Therapist) just
started considering that all patients were HIV/AIDS patients.
The real issue of external privacy breaches will generally be
related to idiots taking data from the office, or courier companies
having a casual indifference to their responsibility.
BSI
If you'll pardon me, [b]well, DUH![/b] -- that's the first thing we teach in emergency medicine, CPR, etc: your first step is Bodily Substance Isolation. No mask, no rescue breathing. If it's wet and it isn't yours, assume it's infectious.
It's as much for the patient's protection as your own.
For what it's worth, there's some serious study now under way looking into whether rescue breathing is necessary once you start chest compressions. Remember, you're [b]not[/b] legally obligated to risk yourself, so if you can't do rescue breathing safely you can still render aid without it.
As always, IANAL. Consult a lawyer for advice that's worth listening to.
RE: Face it: Your health records will one day be a matter of public record
You won't care until your Insurance Co. turns down your claim.
Insurance companies already have the info
RE: Face it: Your health records will one day be a matter of public record
When we live in a world without prejudice, this will no longer be an issue, but alas, we are human and we judge!
Crime happens everyday, with this kind of attitude, all crime should be legal, just because we cannot prevent it.
Don't let it happen!
There is a benefit to digitized records
I am not worried about my medical records being online... what we more need instead of the paranoia over that is for there to be laws that make discrimination against people based on their health records for ANY reason illegal.