Today, Intersections' Consumer Security Adviser Neil O'Farrell writes about the security risks to your identity within our health care system.
The real title of this post should be "Why Global Cybercrime Might Be the Best Motivation for a Healthier Lifestyle." You see, last month I attended a closed-door security meeting where a government cyber security expert admitted quite readily that we have all the necessary technology in place to put everyone's medical records online. The technology would make it much easier for patients and doctors to instantly access and share medical information, and as a result significantly reduce healthcare red-tape and costs in the United States. There was just one small obstacle — security.
It's been widely accepted for years that keeping online patient records private and secure would be a security nightmare. It's a simple admission that if the bad guys are determined enough, and the prize is big enough, nothing is completely safe.
A week later I was reading a report from global financial consultant Deloitte called “Privacy and Security in Health Care: A Fresh Look.” It wasn't just a fresh look, but a very scary one that might make you think twice the next time a doctor or hospital asks you for your personal information.
For example, the report found that:
• The health care industry is particularly susceptible to data fraud and medical identity theft due to the nature and content of the data it creates, collects, and stores.
• The health care industry is a treasure trove of sensitive data that includes Social Security numbers, insurance identification numbers, payment information, and medical provider identification numbers that enable criminals to file fraudulent claims that often go undetected for long periods of time.
• In 2009, 66% of all data breaches occurred at health care organizations and approximately one third of these data breaches resulted in medical identity theft.
• The total economic burden created by data breaches in the health care industry is nearly $6 billion annually.
• Most health care organizations admit they have little or no protection in place to prevent, monitor, or remedy data breaches.
• Funds to implement privacy and security safeguards are minimal to non-existent in operating budgets.
The report cited a variety of reasons why the health care industry is particularly susceptible, and none of it bodes well. Reasons include:
• Gaps in federal privacy regulations.
• Lack of enforcement of existing legislation.
• Increased automation and computerization, including things like e-prescribing, data warehousing, and access to patient data through mobile devices.
• The pervasiveness of social media.
• The curiosity of health care workers and hospital staff who often view private patient records they shouldn't be looking at.
According to the Spring 2010 National Survey of Hospital Compliance Executives, nearly 85% of hospitals are not in compliance with the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Breaches at these hospitals are up over 120%, and 41% of hospitals now have ten or more data breaches annually. And in spite of a tidal wave of privacy and security legislation created to address just these massive and glaring problems, 56% of hospitals expect new health care reform law to either make no difference or to actually increase medical identity theft.
So the next time you ask your doctor why he or she still relies on reams and reams of paperwork, and not so much on all the simple, powerful, and affordable data sharing technologies available to them, you might bite your lip first.
The sad truth is that not only is the security industry unable to ensure the protection of your most personal medical data, the health care industry is probably the worst possible guardian and couldn't guarantee security and privacy even if they had all the technology tools and processes in the world.
Access to your medical records online is still a long way into the future because health care security is still so far behind. Until it catches up, the best prescription is to stay healthy. The less often you have to visit a doctor or hospital, the fewer records they have to lose. Who knew that global cybercrime would turn into a motivation for healthier living?
Keep informed about the latest threats to your safety.