
Health Record Security – What’s on your laptop?

by John Moore | March 20, 2008

There is a tremendous amount of press, with associated pundits pontificating, on the issue of security and privacy of electronic medical records (EMRs) and personal health records (PHRs). Cries of “I’ll never put my information on Google Health or Microsoft’s HealthVault” are commonly heard and widely reported.

But it is always easier to point the finger at others than at oneself.

This week’s InformationWeek has an absolute must-read feature story on the risk of peer-to-peer (P2P) networks. While P2P is a viable and useful technology for businesses, for example in a research setting for sharing complex bioinformatics data, it has its share of risks as well. Unlike actual theft of data via hacking into data centers, in the P2P world data on one’s laptop is often inadvertently shared via consumer-based P2P applications such as LimeWire.


Source: InformationWeek, March 17, 2008

For example, an employee, a consultant or even you may have sensitive data on your laptop, such as health records. All the recommended security precautions have been taken, but you also have BearShare, LimeWire, Gnutella or some other consumer-centric P2P app loaded on that laptop for music and video sharing. Unbeknown to you, however, if you have not configured the P2P app properly prior to use, you open the door to sharing not only music and video files but other files as well, including those health records.

It was a situation similar to this that led to the very public data breach at Pfizer last summer, as well as the inadvertent release of a terrorist threat assessment report by Booz-Allen Hamilton for the Chicago Transit Authority. And despite these clear security breaches, InformationWeek demonstrated in this article just how easy it is today to go out and find all sorts of files (the reporter even found a nice set of health records) if you know what you are doing and where to look.

Now I am a strong believer in a consumer’s right to have control over their health records and if they have those records stored within an online PHR, that security and privacy are held paramount. I have also posted previously that I believe that PHR vendors have not been proactive enough on this issue. But what I am increasingly having a problem with are the sensationalist organizations such as the World Privacy Forum and the general press that are looking for quick sound bites without having to do any investigative reporting. As the above issue on P2P security clearly illustrates, maybe the problem with security and privacy of sensitive records such as health records is not “out there” on Google Health, HealthVault, WebMD or some other health record service but right “in here” within our own computers, those of a consultant or even the computer my doctor is using.

Time to take some personal responsibility, folks.

And by the way, are you using P2P, or more importantly, do you share your computer with other family members, say a teenager who has downloaded a P2P app onto that computer? Don’t say I didn’t warn you.

