Enterprise Imaging's ADVANCE Perspective

Medical Record Bandits

Published May 13, 2008 11:53 AM by Scott Hatfield

Patient information thieves are snooping into hospital-based electronic medical records and stealing credit card and insurance numbers, and any other medical identity data that can turn a profit.

Published accounts appeared in USA Today last week (http://www.usatoday.com/news/health/2008-05-06-privacy_N.htm) of perpetrators, that included hospital employees, downloading checking account numbers or other financial information and selling the information or billing insurance companies and netting millions of dollars.

The report cited a Healthcare Information Management Systems Society (www.himss.org) Analytics survey that revealed 13 percent of the study's health care provider particpants experienced some sort of data breach.

But what's being done to stop the injustice? I contacted HIMSS, and got a response to the article. Here's some advice from Lisa Gallagher, BSEE, CISM, HIMSS senior director, privacy and security.

"Establishing basic safeguards to security can help avoid some of the security issues cited in the USA Today article. Additionally health care organizations must know what employees are doing by monitoring their behavior related to accessing patient information. The compliance officer can conduct random audits or simply, talk to employees about how they access patient records. 'Do they share passwords? Do they provide access to an unauthorized person?' Such conversations can provide both information and insight."

She continued, "It's also important to train all employees who access patient data so that they understand how patient information can, and should, be retrieved. This training must be mandatory, establishing the importance of protecting patient data, while also developing a culture where the security of patient health information is both valued and enforced. Finally, the organization should consider implementing record monitoring/intrusion detection systems on the network and actively review audit logs to detect potential instructions and/or unauthorized access."

The informatics industry also reacted from the manufacturer side with a substantial product announcement expected Thursday, May 15, following the "host of high-profile patient privacy breaches and increased attention to patient medical records." The product will allow patients to specify in advance who is granted access to their electronic health record, what information can be accessed and when.

Heading off to the 2008 Society for Imaging Informatics in Medicine (www.siimweb.org) meeting in Seattle taking place this week, I'm armed with notebook and prepared to find out more solutions from industry. And just for safety, I've cleared all banking information off my personal electronic devices

posted by Scott Hatfield

tags: Informatics

0 comments

add a comment »

	First	Last
Name:*
	Show first name only
Email:*

	Title	Field	Facility
Work:

	City	State
Location:

Comments:

To prevent comment spam, please type the code you see below into the code field before submitting your comment. If you cannot read the numbers in the image, reload the page to generate a new one.

Enter the security code below:

Remember me on this computer

Medical Record Bandits

0 comments

leave a comment

SEARCH

ABOUT THIS BLOG

Navigation

KEEP ME UPDATED

RECENT POSTS

ARCHIVES

BROWSE BY TAGS

HELP