Medical information in medical records can fall into the wrong hands, things can go wrong. Here are 10 scenarios where medical records could be stolen — some you might have expected or encountered, while others could be surprising.
Laptops Left in the Car
“One of the least secure places for your medical data is on a medical staffer’s laptop, especially if it’s left in a car.”
My comments :Medical staff don’t carry medical data in their laptops here in Malaysia, but a doctor could be carrying the medical report for a dignitary or a political figure in his/her laptop left in a car, and political adversaries could target such sensitive information.
Computer Viruses
“Hackers are mainly interested in stealing banking passwords and similar data, but when they infect medical-office computers going after that information, health files often fall into their hands. This is another common way health data are compromised.”
My comments : Our local hackers seem busy defacing Government owned websites rather than infecting medical records office computers going after medical information which do not seem lucrative enough.
But we know of the real threat of computer viruses.in our hospitals, and so more often hear sad stories of lost data from hard days’ work, due to lack of organised backups.
A Surprising Lesson
“A teacher at Naugatuck Valley Community College in Connecticut was discovered to be using patient X-rays from Saint Mary’s Hospital to teach a class on radiology technology. The X-rays contained patient names and physician notes. The hospital apologized.”
My comments : The next time the Radiology Colleges here ask to borrow x-rays for teaching, be wary and do have in place policies, a penny for your thought.
Office Employees
“The staffs at hospitals and the doctor’s office aren’t always looking out for your best interests. Employees have been caught using patient information to file bogus medical claims and tax returns, create “ghost” employees, sell to gang members and pry into the lives of celebrities.”
My comments : How true, here too!
Take That E-mail Back
“Well-intentioned medical workers have also been known to lose patients’ electronic files by sending them in e-mails to the wrong people.”
My comments : A possible scenario in our paper-less hospitals, if there is an option in the software to attach EMRs.
Available on the Web
“Medical providers have inadvertently posted private health data to their public websites. A recent example was Phoenix Cardiac Surgery in Arizona, which was accused of posting surgical appointments on a publicly accessible Internet calendar. The company paid $100,000 in a settlement with the U.S. Department of Health and Human Services and agreed to change its policies concerning patient data.
In another incident, a contractor for Stanford Hospital sent a spreadsheet containing information on 20,0000 emergency room patients to a job candidate as part of a skills test. The job seeker then posted the data on a website, asking for help with the test, according to the New York Times. The hospital severed its relationship with the contractor.”
My comments : For example, if your private clinics group/hospital uses the ever so popular free Google calendar (an Internet calendar), they can be easily embedded into the clinics group/hospital website, and whola, the whole world wide web (W4) audience can view your patients’ details.
Never give out unpublished official data in any form, especially the many spreadsheets we prepare in our statistical reports.
Dumpster Diving
“Much of the health-care industry still uses paper to record sensitive information about patients. Another common way breaches occur is for those documents to be thrown in the trash without shredding. Patient documents, including X-rays, have been found blowing across fields and overflowing from garbage and recycling bins.”
My comments : A common phenomenon in our public hospitals, but surely also in private healthcare institutions.
Cleaning Crews
“Janitorial workers have mistakenly thrown away computers that contained sensitive information. One example occurred last year in Pennsylvania when a cleaning crew for Lebanon Internal Medicine Associates improperly disposed of a computer server that had more than a decade’s worth of patient information. The company said the files were likely inaccessible because of damage to the machine from being submerged in floodwater.”
My comments : Luckily our janitors don’t cart away computers, but surely they could mistakenly pull documents off your desk into their waste-bags, especially if you leave your records and documents/reports so carelessly clustering your workplace environment.
Precious-Metals Miners
“Medical images have value beyond being diagnostic aids. Thousands of X-rays were stolen last year from hospitals in Maryland, Pennsylvania, Massachusetts and other states for their silver content instead of identity-theft purposes.”
My comments : OH, just another familiar scenario here, but our thieves are not that adventurous yet.
Natural Disasters
“Medical files have been found flying around city streets after fires, floods and other natural disasters have scattered the records. These types of breaches are a reminder that while electronic health records are vulnerable to computer hackers, paper records can be vulnerable to Mother Nature.”
My comments : Fortunately, we are sure lucky and blessed that Mother Nature has been extremely kind that we don’t get in Malaysia hurricane Katrina style disasters or Aceh style tsunamis sweeping away our hospitals and the records downstream and clinging onto rooftops.
Abridged, from an original article by Jordan Robertson – May 16, 2012, bloomberg.com, with comments by R. Vijayan
