Not enough is being done to protect patient privacy and data security, according to an article recently published in the New England Journal of Medicine.

Medical identity theft and data security breaches are growing, with thousands of cases reported per year, Julie K. Taitsman, MD, JD, of the Office of Inspector General in the U.S. Department of Health and Human Services, in Washington, DC, and colleagues report. Citing statistics from the Centers for Medicare and Medicaid Services (CMS), the authors stated they have tracked almost 300,000 compromised Medicare-beneficiary numbers.

Furthermore, data from the Office for Civil Rights indicates it has received more than 77,000 complaints of breaches in health information privacy. These breaches can affect quality of care for patients.

“Incorrect information can infiltrate the beneficiary’s medical record and corrupt later medical decision making,” Taitsman and colleagues wrote. “Beneficiaries have been wrongly labeled as diabetic or HIV-positive when people with those conditions obtained services using a beneficiary’s medical identity.”

Pharmacists sometimes reject legitimate prescriptions when records incorrectly show that the patient already received medication. When the Office of the Inspector General (OIG) started compliance audits of hospitals, it was discovered that auditors sitting in hospital parking lots with simple laptop computers could obtain patient information from unsecured hospital wireless networks.

In response, CMS and the OIG have collaborated to come up with best practices for promoting privacy and data security. Suggestions include the following:

  • Install and enable encryption systems
  • Use a password or other user identification
  • Install and activate programs that disable and/or erase data from lost or stolen devices
  • Disable and do not use file-sharing programs
  • Use firewalls to block unauthorized access
  • Install and use security software to protect against spyware, malware, viruses and malicious applications
  • Keep security software up to date
  • Maintain physical control of mobile devices
  • Research mobile applications before downloading
  • Delete all stored health information on mobile devices before discarding them
  • Use adequate security when sending or receiving health information over public WiFi networks

References

  1. Taitsman JK et al. N Engl J Med. 2013; 368:977-979.