Posted by: Arian Eigen Heald
Compliance, data security, HIPAA, medical identity theft, Privacy
What happens when we build a national database, with everyone’s health records? Will everyone get better, less expensive healthcare? That’s the impetus for funding a portion of the stimulus bill to push more health providers into the electronic age.
There are three items to consider, and they are the same ones we must always deal with:
Confidentiality – WHO has access to your health records? Right now hospitals, doctors, pharmaceutical companies and the government have access to your health records. And probably a lot more marketing companies have pieces of information, as well. An online pharmacy clerk in West Overshoe knows all your prescription medications and is paid minimum wage.
Integrity – Is your data accurate? Or has someone stolen your medical information to get health care, died, and left you with a rolling disaster?
Availability – Can you inspect and correct your data – ALL your data, including any diagnoses? What if you don’t agree with one? Can you delete it?
If you compare the answers, it looks remarkably similar to where your (and my) credit record is right now – in the hands of the data miners. All my data belong to… them.
From a regulatory perspective, the Feds are not providing any real consequences for medical data breaches, or lack of HIPAA compliance. They are waving a large carrot around, instead. Only one or two organizations have actually been fined for non-compliance, despite a large uptick in data breaches. It is left to the outraged patient to sue for damages. There are no clear statistics for medical identity theft, because the appropriate agency isn’t tracking them.
It’s one thing to get information online, another thing to get it online safely. It seems to be a pattern in every industry that data becomes electronic before any thought of security.