Welcome to the Nexus of Ethics, Psychology, Morality, Philosophy and Health Care

Welcome to the nexus of ethics, psychology, morality, technology, health care, and philosophy

Sunday, February 19, 2012

Data Breaches Put Patients at Risk for Identity Theft

By Robin Erb
Detroit Free Press
Originally published 2/12/12

Walk into a doctor's office and chances are that some of your most private information -- from your Social Security number to the details of your last cervical exam and your family's cancer history -- is stored electronically.

Your doctor might access the information on a cell phone that could slip into the wrong hands. The staff might take it home on a laptop or a flash drive.

As Detroit-area health care providers take multimillion-dollar steps toward electronic records, they're talking about more than efficiency and better care. They're talking security, too.

"It's a great concern," said Dr. Matthew Zimmie, who is heading an $80-million conversion to electronic records at Oakwood Healthcare System.

Oakwood's security measures include passwords and security profiles — allowing a radiology tech, for example, to look only at information for radiology patients.
"We definitely take this seriously," Zimmie said.

They have to. According to a recent report by the Ponemon Institute, a Traverse City, Mich.-based firm that conducts research about privacy and security:
  • Data breaches nationally grew 32% last year, mostly because of employee negligence and lack of oversight.
  • Nearly all of the 72 organizations surveyed reported at least one incident of lost or stolen information in the previous year.•And although four out of five doctors use smartphones, more than half say they are not taking precautions to encrypt information.
  • The top three causes for a data breach were lost or stolen computing devices, unintentional release of information by contractors and unintentional employee action, according to the report.
  • More than half of the respondents reported they had little or no confidence that their organization would be able to detect all breaches.
"It's almost a matter of time before anyone can be a victim. The key is catching it early," said Dennis Doherty, an assistant prosecutor who handles fraud cases for Wayne County, Mich.