Medical Records Vulnerable Targets
Last month I wrote about wide spread data theft from medical centers. Security authorities have been busy offering reassurances that data wasn't compromised and other "reassurances" that some how wasn't very reassuring. US Today reports that identity thieves have been busy preying on medical records, finding them a rich treasure trove of social security numbers and credit information. Sophisticated crime rings use insiders - people who work in medical centers - to help gain access to data and commit ignoble crimes like submitting false claims to Medicare. California and Arkansas are the only states which require a patient be notified when medical records are accessed illegally.
A study commissioned by Kroll Fraud Solutions risk consultants finds that medical centers have focused on medical privacy and compliance while neglecting patient identity theft and other data breaches. HIPPAA compliance measures do nothing to prevent fraud or protect against hackers - they do a great job at preventing patients from getting access to their own records. Medical centers are not required to report or disclose security breaches. It is not even clear that any agency is monitoring this problem but it is clear that health IT experts are ignorant about the costs ($200 per record and $6.3 per incident).
Meanwhile, while the rush is on to implement electronic medical records (EMR) your data may be sold to pharma and other advertisers who underwrite the implementation of EMR. Doctors have been resisting this data mining in which patient information is aggregated and cleansed of identifying features. They are concerned about their prescribing habits being sold back to pharma. Hey, shouldn't we get a discount if our data is sold?
Thank you gayan job for use of image Yathura.