The Death of Doctor-Patient Confidentiality

HL Sensory Overload
Published in Homeland Security
4 min read · Aug 31, 2015

The Unintended (OK…more like the completely obvious) Consequences of Electronic Medical Records

HL Sensory Overload: We’re Everywhere You’re Going To Be

Doctor-patient privacy: not so much.

Your priest, your dog, and your doctor were thought to be those that you could trust with keeping your secrets... and of course your lawyer, if you want to pay for privacy. But in 2015 you may want to consider removing your doctor from the list.

The federal government is requiring that all doctors convert to electronic health records that are universally available “whenever and wherever” needed. With nearly 5,700 hospitals and over 230,000 physician practices in the U.S. and a requirement that they all have access to each other’s databases, how could that system EVER be hacked or compromised? The massive connectivity that makes your medical records available to the staff in some remote emergency room you ended up in while on vacation also makes them available to remote hackers. The system doesn’t even need to be hacked. Unscrupulous health care workers who have access could easily compromise health care information and sell it to equally unscrupulous insurance companies with little chance of getting caught.

Yes, it may be inefficient, but at least it is secure

Technological “improvements” have completely changed the way that the medical community collects and uses personal electronic data about you. Just five years ago, little electronic medical data was available aside from minimal use of electronic medical records, appointment data, and some electronically captured lab or test results such as CT scan records. Today, very little about your medical condition is unavailable electronically — which means accessing the data is easier than ever. In fact, the federal government mandates that doctors who see Medicare or Medicaid patients switch over to electronic records or face payment penalties when seeing these patients.

More information about e-health records can be found at: http://www.healthit.gov/providers-professionals/learn-ehr-basics

Electronic medical records, including insurance billing information related to medical care procedures, are the most common type of data that is collected and can be hacked. In addition, much of what is collected may be publicly available.

Legally mandated controls and privacy standards in most states, as well as those mandated by the federal government, help protect this information, and failure to use safeguards results in hefty fines for violations. However, other systems that may populate medical records present a new opportunity for infringing on your privacy.

EMS responders have increasingly relied on the collection of audio and video data to assist in the treatment of the sick and injured.

Emergency medical services (EMS) responders have leveraged a great deal of technology to help provide better care for those who experience an illness or injury. In addition to electronic medical records, EMS providers are able to send very detailed medical data through the internet to hospitals, which may include data indicating a heart attack or stroke has occurred; a wide range of vital signs data; photographs of patients in their homes, workplaces, and in public; and audio/video recordings.

The collection of this data by EMS is intended to provide doctors awaiting the patient’s arrival in the hospital with more information earlier so that upon arrival at the emergency department, the patient is treated in the most expedient fashion possible.

Medical data is the paparazzi’s pot of gold at the end of the media rainbow.

If you are wondering why someone would want to access and then publish medical data collected from EMS or physicians, unfortunately the answer is not pretty. Medical data can be used in child custody cases, divorces, business settlements, or as fodder for attacking a person’s character. The media also has a great interest as a means to scoop a story about a celebrity or elected official.

The death of Michael Jackson was captured on 911 audio recordings which are public records, intended to be used for quality and improvement.

Medical devices are often collecting photographic and audio information on the scene of an emergency. This means that someone could be caught in an embarrassing or compromising position and have those images end up posted to social media, either as an unthinking post or as part of a blackmail or smear campaign. Since most of the data collected by EMS responders is transmitted through the Internet, the savvy hacker would have little difficulty in retrieving the data if they knew when it was being transmitted. The greater risk comes once the data is received on the other end (hospital or insurance company) and placed on a server: then it becomes easier to search for specific information, make copies of the data, and package it for distribution.

So if your health insurance rates suddenly skyrocket, or you suddenly start getting online ads for all the medicines that you currently take, thank a hacker.
