The Importance of Securing Medical Information

Today, a great deal of sensitive information is available online. With an ongoing shift of patient’s medical records from analog to electronic, and an increasing desire for patients to access their information remotely, a much greater pressure has been placed on those who secure this information. No longer is the theft of medical information simply a matter of keeping doors locked and information in the right physical hands. Now that this information is available via an internet connection, it has become far more vulnerable to being put in the wrong hands. According to a report from Redspin, Inc., a company dedicated to providing information security assessments, “incidents [involving health security breaches] have been reported in nearly all 50 states and the total number of records breached increased 97%” from 2010 to 2011(The Sacramento Bee).

With this in mind, doctors and patients must now figure out new ways to ensure that patients’ records are accessible remotely while not being able to be accessed by eavesdroppers, how medical information can be transferred from hospital to hospital without  being intruded upon, and how all of this can be managed with the information intact and unmodified.

The importance of keeping medical information secure and intact begins with the fact that doctors have to rely on this information to make proper diagnoses. If this information is modified in any way, no matter how small it may be, there may be the possibility of an incorrect diagnosis that could lead, if it becomes severe enough, to further medical problems and death(Ivanov, Yu and Baras). Another more immediate problem that could come if your medical information is stolen or modified is the fact that you may be charged for large bills in your name, potentially maxing out your health care plan and putting you into serious debt(Coalition Against Insurance Fraud) .

Thankfully, there are several current medical policies that help to prevent these kinds of things from happening. The Health Insurance Portability and Accountability Act of 1996(HIPAA) is currently set up in order to provide a blanket of security over your medical information. According to the act’s guidelines, most information relating to your health records is to be kept private between you and your health care provider unless you specifically give written permission for it to be shared with anyone other than yourself or your healthcare provider(HHS.gov). This can help to safeguard your information from those who would use your information for unethical reasons. Most of the states will also have other laws on top of that to provide a further layer of security (Movers.org).

However, there are still some vulnerabilities in the system. What happens if you sign to give information to an organization that appears to be legitimate, but turns out to be nothing more than a facade for the very people who covet these records for their value? What would happen if someone was able to obtain this information through bribery or theft of your own means of identification? What if an attacker was able to somehow break through the encryption keys on your medical records?

Even with these questions in mind, there are many different ways that you can keep your information secure and out of the hands of thieves, including:

  1. Keeping your medical insurance card protected and notifying your insurance company immediately after you lose it or have it stolen (Silver Planet)
  2. Being more wise in choosing what clinics you are giving your information to, avoiding clinics that advertise with gimmicks (Silver Planet)
  3. Making sure that the information provided by your insurance company through their explanation of benefits (EOB) forms is accurate, including your doctor’s names (Silver Planet) and treatments that you have received (CAIF)
  4. Calling your insurance provider or asking your doctor for a summary of medical procedures made in the last year (Silver Planet)
  5. Always reviewing your medical information before you go under surgery, no matter the scale (Silver Planet)

With today’s technologies making a great deal of information available over the internet, including medical information, there has been an increase in people who are able to find ways to obtain this information through illegal means. This has put a great stress on patients, doctors and maintainers of medical information to keep this information safe due to the severe consequences that could come if the security weakened in any way. With this in mind, several new polices have made the protection of this information more streamlined and easier to enforce. However, the best and most assured way to secure this information is to take steps to protect it yourself.

That said, if you suspect that something is fishy with your medical records, through the means provided or otherwise, contact the authorities as soon as possible(CAIF). You life may be on the line.

Sources:

http://www.sacbee.com/2012/02/01/4230093/redspin-reports-on-the-state-of.html

http://www.insurancefraud.org/medical_id_theft.htm

http://www.isr.umd.edu/~baras/publications/journals/Ivanov_Yu_Baras_Securing_communication_of_medical_information.pdf

http://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

http://www.movers.com/moving-guides/transferring-medical-records.html

http://www.silverplanet.com/scams/identity-theft/real-threat-medical-identity-theft/56573

Advertisements

3 thoughts on “The Importance of Securing Medical Information

  1. While I definitely understand the importance of keeping medical records private, it seems like the only focus of people being out raged over privacy security is the medical field. I have to say I am much more outraged over the Patriot Act – it is a massive violation of our civil liberty and privacy. In fact, conceivably complete medical privacy could exist, and the Patriot Act would make it utterly ineffective.

  2. Just curious, but are there any kind of required standards in place for security policies regarding hardware and software use for this type of medical record digitization? You mentioned HIPAA which regulates who is supposed to be able to access what types of information but does this act cover specific medical record software, or network systems? It is very necessary to have some sort of requirements in place for who is theoretically allowed to access digital medical records but what if a specific medical company implements these access controls poorly. A hospital could easily follow HIPAA regulations for health plan availability but still lack security by using outdated, insecure software, operating systems and weak network security. I would be curious to know if this sort of thing is provisioned for under HIPAA or if it could still be an unregulated issue that is up to specific medical providers discretion.

    • As far as I know it isn’t. The reason why is that most regulators don’t have a clue as to what is considered secure. They also don’t want to make HIPPA so specific that it becomes stagnate in a few years because a vulnerability that is discovered in whatever technology they recommend. That’s why when you generally read the regulations like HIPPA, Sarbanes Oxley Act or the NYS Information Security Breach and Notification Act they use generalized terms like “encrypted” to give wiggle room in the act so it can remain relevant.

      If you end up taking Information Security Policies (4050-360) they discuss that stuff is more detail.

Comments are closed.