Not enough is being done to protect patient privacy and data security, according to an article recently published in the New England Journal of Medicine (2013;368:977-979).
The authors write that medical identity theft and data security breaches are growing and that thousands of cases are reported per year. The authors cite statistics from the Centers for Medicare and Medicaid (CMS) services stating that they track almost 300,000 compromised Medicare-beneficiary numbers, and from the Office for Civil Rights which has received over 77,000 complaints of breaches in health information privacy.
These breaches can affect quality of care for patients. “Incorrect information can infiltrate the beneficiary’s medical record and corrupt later medical decisions making,” the authors wrote. “Beneficiaries have been wrongly labeled as diabetic or HIV-positive when people with those conditions obtained services using a beneficiary’s medical identity.” Sometimes, legitimate prescriptions are rejected by pharmacists when records incorrectly show that the patient already received medication.
When the Office of the Inspector General (OIG) began doing compliance audits of hospitals, it was discovered that auditors sitting in “hospital parking lots with simple laptop computers could obtain patient information from unsecured hospital wireless networks.” CMS and the OIG have collaborated to come up with best practices for promoting privacy and data security. Suggestions include the following:
- Install and enable encryption
- Use a password or other user identification
- Install and activate programs that disable and/or erase data from lost or stolen devices
- Disable and do not use file-sharing programs
- Use firewalls to block unauthorized access
- Install and use security software to protect against spyware, malware, viruses and malicious applications. Keep security software up to date.
- Maintain physical control of mobile devices, and research mobile applications before downloading.
- Delete all stored health information on mobile devices before discarding them.
- Use adequate security when sending or receiving health information over public WiFi networks.