The Redspin consulting firm released a report that includes some shocking information about patient health record data breaches this past year. The report highlights one thing that seems certain: the rush to adopt electronic health record (EHR) systems at hospitals, clinics, and health care contractors is coming at the price of security for those records.
As we’ve outlined before here at MedeFile, and as I will continue to say, security is the most important factor in any record-keeping system that involves health records that can be identified with individual patients. Moreover, the most common means of stealing those records is physical theft of the files, often from third-party vendors or providers to whom the data was outsourced for billing, lab work, or other related services.
The Redspin report shows that between 2010 and 2011, the number of patient records compromised jumped by a gut-punching 97%. That’s a near doubling of the data breaches in only one year, and 2010 wasn’t a stellar year either.
The top reason to steal patient health records, according to Redspin, is to commit insurance fraud (usually Medicare, which is a laughably easy target). Thieves will steal the identities of the patients and then use front companies to submit fraudulent claims on their behalf for services never rendered.
Medical records are also an easy way for thieves to reconstruct IDs for bogus driver’s licenses or birth certificates and even Social Security cards.
Malicious attacks that don’t include remote hacking (meaning the person was on-site or physically had access to the computers on which the data was stored) make up 60% of all breaches to EHRs. Nearly all of the other 40% are breaches of physical records (paper), with only a tiny fraction of all breaches being sophisticated network hacking attempts like those often portrayed in the movies or on television.
Interestingly, the number of breaches didn’t grow by much year-on-year, but the number of records compromised in each breach nearly doubled, making each instance of a thief gaining access to records more lucrative in terms of the number of records stolen.
So two things are very clear from this latest Redspin report: not enough is being done to educate workers about keeping private patient information safe, and not nearly enough is being done to ensure that the third-party vendors to whom hospitals and clinics outsource information are keeping those records private.
The faster we adopt EHR standards, the more of these breaches we’re going to have if we don’t address these important security issues.