While there has been plenty of press on privacy and security as it relates to PHR vendors, especially now that Google and Microsoft have jumped into the arena, it is absolutely critical that the press, various “privacy pundits” and the consumer realize that this issue is not just limited to PHR vendors.
Sure, it’s easy to pick on these companies, but honestly, it does not paint an accurate picture as to what the true risks are in the market today as we increasingly move to an environment where our medical records, and for that matter any information about us, will be in digital form. Yes, there are risks, but there are benefits as well, benefits which the majority of Americans are willing to accept in the pursuit of better care.
Now back to those PHR vendors. As I have stated before, the industry as a whole has not done a very good job of policing itself and insuring that the average consumer easily understands the privacy and security afforded to them in a given PHR.
But moving beyond PHR vendors, there are a number of others who also have information on your medical history. Earlier this week, one of the nation’s largest health plans, WellPoint, announced that it had a breach in security that exposed information on roughly 128,000 members. What is particularly disturbing in this case was that these records were exposed on the Internet for over a year and that this was far from an isolated incident at WellPoint.
And WellPoint is not alone. There was the stolen laptop in January that contained records of some 300,000 members of Horizon Blue Cross Blue Shield of New Jersey and the stolen laptop in late February of an NIH researcher with some 3,000 records. And there are many more such incidents you will find by simply doing a Google search.
And who said hospitals were safe? A report just released from the healthcare IT group, HIMSS (Health Information Management Systems Society) found in their survey of 263 HIT professionals that more work needs to be done to better protect and secure patients’ medical records.
This is, dare I say it, a universal issue that will affect any organization regardless of size and where they are in the broad supply chain of medical records, be they payers, providers, researchers, consumers and of course PHR vendors. There are no easy answers here and we may need to simply accept the fact that with the digitization of some of our most important and sensitive information, our medical records and history, that there will be risks which we will all share. Hopefully, the benefits that we will accrue through the adoption ad use of such digital records will outweigh those risks.
[…] pundits” and the consumer realize that this issue is not just limited to PHR vendors.” Article John Moore, Chilmark Research, 10 April […]
Completely agreed. The real issue with “privacy” isn’t evil corporations reselling patient data but inept internal policies and practices in safeguarding in the first place.
Yes MG, it is easier to rant and rave about some big evil corporation mis-using your medical records than it is to dig a little deeper and identify the real security and privacy issues out there today.
Hopefully, the press will wise up, and likewise the public as to where the real risks lie.
[…] 18, 2008 by John While there has been no lack of security breaches in the healthcare sector, despite what many claim as the Holy Grail of privacy protection, HIPAA, […]
I like this theme you are using… what is it?