Today it was reported by the Washington Post that a government laptop computer that held medical information on 2,500 patients enrolled in a National Institutes of Health study was stolen in February. According to the article the breach potentially exposed “seven years worth of clinical trial data, including names, medical diagnoses and details of the patients’ heart scans.” There was no breach of social security numbers, phone numbers or addresses. As the information was mainly scientific in nature it is believed there is low probability that this data can be used for identity theft. My issue with this situation was how it was handled by the NIH. Rather than informing patients of the stolen laptop immediately the decision was made by NIH officials to stay quiet as to not provoke “undue alarm“. The decision to not inform the public speaks to the over sensitivity to patient data security, I doubt if many of 2,500 patients are overly concerned about their medical information being breached. This is not to say that the information should not be protected, if NIH officials are going to carry patient information on a laptop or any portable device that information needs to be encrypted (this laptop apparently was not). The NIH and any healthcare organization should confess to security issues immediately, the idea that there will be mass alarm over such an incident is not an excuse to withhold information. Plus, this is health information not an imminent national security threat. I have touched on this before , but this incident shows why the healthcare industry is so slow to adopt technology it’s the industries lack of understanding of how to use technology more so than the technology itself. As more patient information is placed on electronic medical records issues of security will undoubtedly occur and with more frequency and likely with greater consequences to individuals, however these growing pains will be necessary in order to create a more efficient and effective healthcare system. Those in control of healthcare information need to trust that the public will react appropriately when there are security issues. Not doing so will only make the public more leery and stifle an already slow process.
- Why do Docs resist the internet???
- Papa Johns earns over $1 billion in revenue from online pizza ordering
- Doctors, protect yourself from bad technology investments
- Putting Health Care IT into Perspective
- Controversy over Medical Giveaways
- Insurance shopping site raises $6.5MM
- SavvyDoc Startup Review: CureHunter, Semantic Search for Disease Info
- Further thoughts on reducing health care costs
- What does a Chicago sandwich shop have in common with SavvyDoc?