Wednesday, June 22, 2011

Patient health records lost on subway train results in $1 million fine

With all of the concerns over cyber attacks and digital security, it is interesting to consider the state of security of private health information like patient records in general.

Oftentimes, health information is stored in paper charts that are handled by various people, photocopied, FedEx'd, and otherwise shuttled around in an analog fashion. The reality is that this approach to managing personal health information is much less secure than properly encrypted digital files.

In one case, Mass General lost scheduling documents for hundreds of patients on a subway train...

"Massachusetts General hospital system agreed to a $1 million settlement with the civil rights office for losing scheduling documents for 192 patients. The documents -- which bore personal information such as names, insurance data and diagnoses -- were accidentally lost on a subway train."

The next step up from paper charts has been in-office computer systems that store patient information electronically. This is a step in the right direction. However, the basic password protection available on these systems is easy to crack, the servers and PCs running the software that contains this information are relatively easy to pick up and steal, and any sort of natural disaster (like a flood or tornado) can decimate these records, rendering the information impossible to retrieve.

This all argues for a shift to healthcare cloud computing, implemented with proper security measures, as the next major leap in information security. With encryption in flight and at rest, striped drives, geographically distributed data centers, and two-phase authentication, health information is much more secure in the cloud than it is in a paper file on a subway train.

Here is an article that addresses this subject -

