Severe Patient Data Breaches Mar Transition to Electronic Records

According to Obama administration officials, converting paper medical records into electronically-stored data will help reduce health care costs, prevent medical errors and improve patient outcomes. In fact, as part of the push to shift the entire nation to electronic health care records, the U.S. Department of Health & Human Services is providing significant incentive payments to doctors and hospitals as they adopt electronic health record technology throughout 2011.

However, as a growing number of health care providers store patient information electronically, privacy is becoming an acute concern. Considering a recent string of serious medical data breaches and negligence on the part of hospitals, consumer unease about electronic health records is far from groundless.

Millions of Patient Records Leaked In 2011

In March, insurer Health Net disclosed a data breach that involved the loss of nine server drives. In total, over 2 million Health Net members, employees and health care providers were impacted by the data loss. Despite the large number of affected consumers, Health Net waited nearly two months after discovering the medical data loss to make a public announcement.

Another major data breach occurred when the medical files of some 300,000 patients were released publically on the internet. A Southern California consulting firm that represents doctors and hospitals uploaded the medical data to a website they mistakenly believed could only be accessed by employees. The patient records contained everything from Social Security numbers to doctors’ notes.

Early in the summer of 2011, the Department of Health and Human Services announced that they had found numerous data system vulnerabilities at seven large hospitals, and were in the process of inspecting eight more hospitals; the names of the facilities were not released to avoid flagging potential opportunities for hackers.

A federal website known by officials as the “Wall of Shame” details all reported medical data breaches that have affected 500 or more individuals over the past few months; currently, approximately 300 doctors, hospitals and insurers hold a spot on the wall.

Accountability for Breaching Private Medical Data

During the first half of 2011, health care providers paid millions in civil penalties under federal laws meant to guarantee the privacy of personal medical records. Still, some experts are skeptical about whether laws protecting electronic health records are strong enough to prevent serious breaches in the future.

The potential impact of healthcare data breaches and medical identity theft can be severe: one survey found that an average incident of medical identity theft costs victims more than $20,000. Until medical record holders are effectively held accountable for patient data breaches, individual consumers will continue to bear the brunt of the costs associated with health information losses.