Medical records in the digital age

by
in security on (#3PD)
story imageThe medical field isn't exactly embracing the digital revolution, although it's quick to implement scientific progress in other areas. Trapped in a mess of legal, privacy, and insurance regulations and hampered by financial disincentives to implement digital record keeping, many medical centers still rely on voluminous paper records. But that's changing, and with change comes good news and bad.

First come the breaches of privacy. In Cincinnati, a woman is suing the University of Cincinatti Medical Center after a medical clerk posted the woman's medical records (showing name and diagnosis of syphilis) to Facebook's page "Team No Hoes." Privacy is also compromised when medical records become part of court hearings, as many legal cases become part of public record and are searchable online.

But these risks were part of the paper system as well. Recently, a huge number of paper medical records turned up in York, UK, and Michael Schumacher's paper records seem to have been stolen and put up for sale.

So what do we need to keep sensitive, personal, medical information private? Think quickly, because already some doctors can access your medical records via Google Glass as they talk to you.
Reply 8 comments

Penalties (Score: 0)

by Anonymous Coward on 2014-06-23 21:32 (#28F)

Any breach yields immediate loss of medical licenses and mandatory fines, no trial or arbitration.

Clean and simple. Anything less, such as the current tremendously vague HIPAA regulations and corresponding lack of enforcement, means nothing but business as usual as "privacy" becomes a distant memory.

Re: Penalties (Score: 0)

by Anonymous Coward on 2014-06-23 22:37 (#28G)

Not fines, damages paid to those affected.

Re: Penalties (Score: 1)

by carguy@pipedot.org on 2014-06-24 01:31 (#28N)

Is it ever be possible to take ownership and control of your own records? 25 years ago I was able to take my X-ray films away from an independent X-ray clinic (to transport the film to my GP), and then I kept them. Probably not so easy to do that today.

Re: Penalties (Score: 1, Insightful)

by Anonymous Coward on 2014-06-24 01:43 (#28P)

Probably extremely difficult. In that example, there is likely no film anymore.

How would you even verify that the records were fully expunged? Surely they have backups, as well as shared copies with your GP and maybe insurance as well.

HIPPA is too much **and** too little (Score: 0)

by Anonymous Coward on 2014-06-26 02:49 (#299)

HIPPA blocks access by people who should have it, and it allows access by those who shouldn't.

I don't want my insurer to have any details, and I certainly don't want their "contractors" and "authorized agents" to have any info at all.

Pretty much any doctor will have you waive your rights anyway. No waiver means no service. This shouldn't be possible.

On the other hand, some things need to be made known. Medical bills need to be made available to anybody you have financial entanglements with. This includes all people with whom you might share a budget in the recent past or future. Contageos (WTF spelling...) diseases should require notification of any and all who might have received or supplied the disease. People living in the same house, or intending to do so (marriage license) ought to get everything, without exception.

MyGov (Score: 0)

by Anonymous Coward on 2014-06-23 22:40 (#28H)

Australian government is forcing tax payers who use the ATO to lodge online to register with the DHS MyGov system. MyGov will include Child Support, Centrelink, Medicare and other major government departments. This means that if an Australian MyGov account is hacked they get everything. Tax file number. Child support information. Bank account information. Medical records. Lots of data.Recently MyGov was shown to have serious security flaws. Exposure of gigabytes of user data. Many people refuse to have their medical information stored in the PEHCR linked to MyGov.The takeup has not been as much as the government expected.

She's suing? (Score: 1)

by unitron@pipedot.org on 2014-06-24 10:08 (#28R)

Why isn't she under arrest for having vivesected that clerk?

Re: She's suing? (Score: 1)

by zafiro17@pipedot.org on 2014-06-24 14:30 (#28X)

There seems to be more to it that that - notice there is some incident also involving posting of information relating to her boyfriend or something. This is probably a case of poorly-educated individuals doing menial-labor clerk jobs at a hospital, who are given more access than they deserve, and abusing that privilege to engage in cheap retribution and personal attacks. I say fire the lot of them, hire and train more responsible staff, and move on before the scandal ruins the reputation of your hospital. As for syphlilis, she must have gotten it from someone, so she's not guilty alone, at any rate.