Hospitals Still Struggle With Security of Patient Records

In an effort to monitor medical record security breaches, the DHHS keeps a website. Called by some the “Wall of Shame.”

(Harvey Rice, Houston Chronicle)
The recent loss of a thumb drive that endangered the personal information of 2,200 patients at the University of Texas M.D. Anderson Cancer Center was one of 10 similar losses of personal data from hospitals in the Houston area over the last three years.

An inattention to data security is a persistent problem in the health care industry that is starting to draw increased scrutiny from federal and state officials, with fines for exposing patient information ranging in the millions of dollars and officials being jailed in some instances, experts say.

Health industry officials reported 489 instances of data loss nationwide involving information on 500 or more patients in each case since reporting regulations took effect in late 2009. The cases involved more than 21 million patients, according to the U.S. Department of Health and Human Services.

Losses of data involving fewer than 500 patients totaled 55,000 during the same period. Each loss is a potential violation of the 1996 Health Insurance Portability Act, known as HIPAA.

The health care industry and others have been slow to realize the importance of protecting data, said Bruce Schneier, an international cybersecurity expert who has written several books on the topic.

“It happens in every industry,” Schneier said. “The security is really, really bad.”

Federal officials are more muted in their criticism. Susan McAndrew, the deputy director for health information privacy at the Health and Human Services Office for Civil Rights in Washington D.C., said, “In general, we believe that these statistics indicate that there is more that (the health care industry) could be doing to embrace a culture of compliance with respect to safeguarding the privacy and security of their patients’ protected health information.”
(Read more of this story at Houston Chronicle)




Comments are closed.