Personal data breaches for 4.9 million patients

BLOG PNHP WEBSITE ABOUT PNHP SINGLE PAYER RESOURCES

Personal data breaches for 4.9 million patients

Posted by Don McCanne MD on Thursday, Feb 24, 2011

This entry is from Dr. McCanne's Quote of the Day, a daily health policy update on the single-payer health care reform movement. The QotD is archived on PNHP's website.

Massachusetts General Hospital settles potential HIPAA violations

U.S. Department of Health and Human Services
February 24, 2011

The General Hospital Corporation and Massachusetts General Physicians Organization Inc. (Mass General) has agreed to pay the U.S. government $1,000,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today.

http://www.hhs.gov/news/press/2011pres/02/20110224b.html

And…

Report details health care reform theft

By Susan R. Miller
South Florida Business Journal
February 23, 2011

As the nation moves toward growing use of electronic medical records, data vulnerability becomes increasingly evident.

A new report released on Wednesday by Kaufman, Rossin & Co., showed 4.9 million patients had their personal health information compromised as a result of 166 data breaches that occurred during the first year of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

All of the breaches occurred between Sept. 21, 2009 and Sept. 21 2010, the first year when breach incidents were publicly reported to the Secretary of the Department of Health and Human Services.

http://www.bizjournals.com/southflorida/news/2011/02/23/report-details-health-care-reform-theft.html

And…

athenahealth

An increasing majority of physicians finds that EHRs slow them down during the exam.

Sixty percent of physicians agree with the statement that the EMR/EHR “slows down the doctor during patient exams.”

http://www.athenahealth.com/index.php?open=26

Although Congress gave up on trying to provide health insurance coverage for everyone, they did try to deliver on the promises of higher quality, fewer errors, greater efficiency, increased security of patient health information, and lower costs through measures designed to expand the use of IT (information technology), especially through EMRs (electronic medical records). Are these promises being fulfilled?

Before delivering on the other promises, a health IT system must first, above all, ensure confidentiality of patient information. Today the Department of Health and Human Services released a report confirming that perhaps the most prestigious medical institution in the nation – Massachusetts General Hospital – is being fined $1,000,000 for violation of patient privacy rules. The documents were left on a subway train. Though this was not directly an IT breach, read on.

Yesterday a report was released by Kaufman, Rossin & Co., an accounting firm, that showed that, in the last year alone, almost five million patients had their personal health information compromised due to various other unrelated data breaches.

In this age of cloud computing, personal electronic data can easily be transmitted into cyberspace for all the world to see forever. Sure, the various vendors and stewards of the systems can show you their great security safeguards so there is no need to be concerned. Then how in the… did these 4.9 million patients have their personal health information compromised?

And the other IT promises? We covered this in a qotd last month (Jan. 21) in reviewing an article from PLoS Medicine. Quoting from that article:

“Our systematic review of systematic reviews on the impact of eHealth has demonstrated that many of the clinical claims made about the most commonly deployed eHealth technologies cannot be substantiated by the empirical evidence. Overall, the evidence base in support of these technologies is weak and inconsistent, which highlights the need for more considered claims, particularly in relation to the patient-level benefits, associated with these technologies. Also of note is that we found virtually no evidence in support of the cost-effectiveness claims.”

The highly touted accountable care organizations (ACOs) called for in the Patient Protection and Affordable Care Act are a variety of ill-defined health delivery organizations having only one thing in common: an integrated IT system using EMRs. Not only are these systems expensive and vulnerable to security breaches, the report from athenahealth shows that EMRs also slow down patient care. Why are we placing all our bets on ACOs?

This has all been a distraction that has diverted us from doing what we really need to do – establish affordability and universality through an improved Medicare that covers everyone. Can’t we get on with that task now?

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

PNHP welcomes comments on its blog by its physicians and medical student members, and other health professionals active in the movement for single payer national health insurance. Comments by other readers are welcomed but may not be posted.

You must be logged in to post a comment.

Subscribe to our blog's RSS feed.

About this blog

Physicians for a National Health Program's blog serves to facilitate communication among physicians and the public. The views presented on this blog are those of the individual authors and do not necessarily represent the views of PNHP.

News from activists

PNHP Chapters and Activists are invited to post news of their recent speaking engagements, events, Congressional visits and other activities on PNHP’s blog in the “News from Activists” section.

Personal data breaches for 4.9 million patients

Massachusetts General Hospital settles potential HIPAA violations

Report details health care reform theft

athenahealth

Leave a reply

About this blog

News from activists

Recent Posts

Recent Comments

Categories

Archives