We have commented many times before that the whole idea of a USB-based (thumbdrive) PHR is simply a dumb idea. Crazy thing is though is that we see these things pop-up every now and then, (here, here and here) including an occasional sighting at a local pharmacy or even grocery store. Can’t figure out why these things keep showing up as no one who is even remotely knowledgeable of IT systems and the inherent risks of USB drives would ever allow some stranger to stick a USB into one of their computers and subsequently their network.
For example, at a conference we recently attended we spoke to a leading healthcare CIO who told us they have gone so far as to plug all the USB slots in computers in ER to prevent someone from inadvertently inserting a consumer’s USB.
But if you don’t believe us, maybe you’ll believe Joel Brenner, Mission Manager for Counterintelligence for the Director of National Intelligence, who characterized USBs as:
…the electronic equivalent of unprotected sex and the biggest source of ETDs (electronically transmitted diseases).
Now that’s reason enough to avoid these USB-based PHRs. Hopefully, those in the business of providing these PHRs will move on and provide something that truly would be a service to their customers.
I know it’s an old post.
I agree that thumbdrives can be dangerous if they contain malicious content. But caring for patients with infections diseases is also dangerous unless appropriate precautions are taken.
Refusing to look at patient provided information because it might be dangerous is no more appropriate than refusing to care for patients that might be dangerous. Rather than plugging every USB port in the ER, better to provide appropriate precautions (policies, procedures, sandboxing software, even standalone off network computers) for reading the info on these thumb drive.
By the way, imaging centers typically provide CD’s with x-ray images to patients to take to the doctor in lieu of film. These CD’s typically have auto executing viewing software. Talk about an opportunity for malicious content.