electronic medical records at risk from gaping security holes

In theory, electronic medical records could offer benefits in terms of preventing medical errors, coordinating care among medical providers, and reducing health care costs. But even as the medical community works toward converting existing paper records to electronic ones, there are those who are concerned about the possible impact on patient safety and privacy.

As we discussed in our previous post, the Department of Health and Human Services has some concerns of its own. As reported in Kaiser Health News, an Institute of Medicine panel presented some evidence that inaccuracies when creating or updating the computerized records could pose serious risks to patient health. The DHS has urged companies that develop electronic health record systems to cooperate with one another more closely to prevent such harm, but stopped short of calling for additional regulation.

New regulation or not, the fact remains that electronic records which duplicate errors in the original — or that contain additional errors introduced when the record was digitized — place patients needlessly at risk. It is the height of irresponsibility for a health care provider to claim it is somehow safeguarding patients by switching to electronic records (and in many cases receiving taxpayer dollars for doing so) if the accuracy of those records is not assured.

Is more at risk than patient health? Yes.

Aside from the potential for mistakes that cause patients physical harm, there is also the critical question of cybersecurity. If hospital negligence in protecting electronic medical records from attacks by hackers occurs, it could lead not only to patient privacy violations but also to identity theft and potentially disruptive attacks that could destroy hospitals’ medical record databases.

The Washington Post recently completed a year-long analysis of cybersecurity in the health care industry, and the results were not good.

“I have never seen an industry with more gaping security holes,” says the director Johns Hopkins’ Information Security Institute.

The Department of Homeland Security agrees that hospitals’ negligence in providing effective security for these records could present inviting targets for those seeking patient identity information — Social Security and credit card numbers, for example — for criminal purposes.

It doesn’t matter whether hackers are interested in personal data that could allow them to perpetrate identity theft schemes. What matters is that medical information is private, and that reliable medical records are crucial to providing care. Whatever the motivation for breaching the security of medical records, the outcome is that people’s private records — both medical and financial — could easily be exposed.

Do you think the potential benefits of electronic medical records outweigh the safety and privacy concerns they pose? If you are worried about someone accessing your electronic medical record, you should consider contacting your health care providers and ask about their security protocols.

Source: The Washington Post, “Health-care sector vulnerable to hackers, researchers say,” Robert O’Harrow Jr., Dec. 25, 2012

Leave a Reply

Your email address will not be published. Required fields are marked *