The Wall Street Journal’s Health Blog has a post this morning highlighting another breach in medical record security, this time some 50,000 records or so at New York Presbyterian Hospital/Weill Cornell Medical Center.
4.15.08
Note: Going through some older emails, found this story as well from Georgia on ZDNet where some 71,000 records were exposed for several weeks due to some absolutely stupid and clumsy work. Until people are slapped with some very serious fines for making such blunders, these occurrences will become increasingly commonplace.
What is surprising here (and then again maybe not) is that it appears that medical records themselves (patient history & treatment(s)) were not the objective of the ID theft, but those tried and true bits of information such as name, SS number, addresses, etc. that there is already a market. Maybe all the concerns about the theft of medical information is not as big an issue as there may be little interest in such information among thieves – at least I haven’t heard of any examples to date where this information has ben used in a nefarious manner. Unless of course you happen to be Brittany Spears, Farrah Fawcett, George Clooney or some other celebrity, for which we all know the National Enquirer will pay a princely sum for such info.
Concern about privacy and security of medical records is an issue, no doubt, but what this example shows is that breaching such is relatively easy to do and maybe the public should be more concern with the privacy and security practices within medical practices than what Google, Microsoft or other companies looking to provide consumers tools to manage their own medical records are doing. We may indeed find that the latter are indeed more secure than the former.