Online Health Records Extend Data Breach Risk

A recent article in the Wall Street Journal titled “New Epidemic Fears: Hackers” highlights the dark side of the movement towards putting  our personal medical and healthcare records online.

There is $29 billion in the Stimulus Bill that is targeted towards hospitals and other healthcare providers for the implementation of electronic healthcare record systems. We are encouraged that as patients, we will derive benefits in our healthcare from this trend due to more rapid access to accurate health and prescription information by healthcare professionals.  It is remarkable how little health information is stored in electronic (vs. paper) form and even less is shared among healthcare providers.

This article, however, also points out that healthcare organizations appear to be increasingly vulnerable to exposing our personal health information as measured by the incidence of “reported” data breach incidents.

“In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.”

Given that healthcare providers will now be “encouraged” by the HITECH Act to more rigorously report even the smallest of breach incidents, these statistics are likely to soar in coming years. This is a wake up call for all of us that organizations anxious to take advantage of Stimulus money for EHR systems must not do so without first taking a hard look at their data breach security vulnerabilities and risks.