This last month has been hell for those charged with protecting the privacy of health care information. Reports of big breaches in privacy and security are hitting us almost daily. In February alone:
- Johns Hopkins University and Johns Hopkins Hospital reported the loss of data tapes containing information on thousands of university employees and patients;
- The Birmingham Veterans Affairs Medical Center announced that a non-encrypted computer hard drive was missing and that about 535,000 veterans and 1.3 million doctors were affected. Some VA research activities have been suspended as a result;
- Personal information on nearly 200,000 members of health insurer WellPoint Inc. was stolen from the office of a company vendor. The majority of people affected are Anthem Blue Cross and Blue Shield members in Kentucky, Indiana, Ohio and Virginia; and
- A laptop theft compromised the private information of 22,000 patients at Kaiser Permanente’s Medical Center in Oakland. Kaiser has announced they are implementing a new system-wide policy that prohibits storage of member data on the hard drive of any desktop, laptop or mobile device.
And the month is not over yet! The list goes on, and on, and really on.
Disturbing little facts: one in ten laptops will be stolen during its lifetime, and more than 1,100 laptop computers have vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers.
In January, the Government Accountability Office (GAO) issued a report critical of the Department of Health and Human Services (DHHS) efforts to protect electronic personal health information. The GAO observed that DHHS had “not yet defined an overall approach for integrating its various privacy-related initiatives and addressing key privacy principles, nor has it defined milestones for integrating the results of these activities.”
Following these events, the leader of a federal panel charged with providing privacy recommendations for the national health information network, Paul Feldman, resigned, thwarted, he said, in efforts to develop adequate standards.
“We already know that the majority of people in this country fear that their health information is more prone to misuse in electronic form,” Feldman said. “We must not shirk our duty to protect them from such harm.”
So say he, so say all of us.