Monday, August 18, 2014

Medical Records Security

One of the advantages of that doctor's office with rows upon rows of patient records is that the records are relatively secure. Because of the very nature of paper records, they are hard for anyone but an insider to steal. However, with the emphasis of the Affordable Care Act on digitizing and sharing records, all of that security is about to be lost.
In a recent visit to a doctor's office I watched him and his staff really struggle to digitize their records. A typical 15-minute office visit was now taking up to 30 minutes as they diligently transferred paper notes into some computer database. At the end of the visit, the receptionist offered me (and possibly a lot of other people) the opportunity to view my records online.
Most medical offices are computer-illiterate and consequently even more illiterate about data security. Besides your medical records, they are likely to have personal records, such as your Social Security number, birth information, a listing of family members, copies of driver's licenses and insurance cards, etc. All of this they are diligently and unwittingly making available to cybercriminals.
Most people may have a false sense of security that HIPAA protects against the disclosure of personal records. It only protects against intentional disclosure, but how many medical and hospital offices conduct security audits? Hacks of Target, Bank of America, AOL, etc. have made the news. Time to get ready for the big data thefts -- doctors' and hospital databases.
For more about this problem, start here: Yes, medical device security is lousy - so what?

 Comments from an Anonymous Medical Doctor:

It's true. The Feds have decreed all medical records shall be digital by a certain date to be eligible to participate in any federal health care program. The first round is incentivized by higher payments from federal agencies to providers who can demonstrate significant progress to that end. Latter stages enforce with penalties. No standards for how this was to be done were given. The expectation was that the marketplace would sort it out.
The result has been a Babble of incompatible systems that don't work. Every office, every hospital, every clinic having a different system means that learning one is no help when you move to another.
Security is certainly sacrificed in this environment. For one example, each segment of the system requires a different password that must be changed to something totally different every month or so. No just changing a 1 to a 2 etc. Computers can pick that up and reject it.

No one can remember all those passwords; so, that means we must write them down in a place we can get to quickly, and so can about any diligent password thief. Then consider the horde of IT people who must have access to the data to keep the non-system working. IT techs are the migrant workers of the climate-controlled world.
All this is fixable and probably will be some day. The one security benefit that digitized records can bring that is not possible with paper records is to keep track of who viewed them. Someone who takes a paper folder out, reads it and puts it back may leave no trace. Viewing an electronic record can be made to leave a trace. Also, the benefits of having all your medical records available to those who need them, anywhere anytime, are enormous.

The Mayo Clinic has an excellent system which is a real time saver. Also, prescription errors are lessened.

