Government told to lead in stopping medical data breaches

Identity theft continues to be a problem for organizations that retain personal information on customers, and a new report suggests the Obama administration’s ambitious health care reform effort could be another area that poses risks.

The report, issued Jan. 15 by the Health and Human Services Department, urges the administration to put safeguards in place as it develops its program. However, the report’s 31 recommendations largely center on evaluating the risk of identity theft, training medical personnel and local law enforcement agencies and evaluating proposed solutions.

Developing the actual measures to prevent or manage data breaches remains up to Congress, the administration and their advisers.

One key safeguard is to let consumers retain ownership of their data, said Edmund Haislmaier, senior research fellow of health policy at the Heritage Foundation.

“From a patient privacy perspective, we have a system open to abuse because it is not patient-centered, it is provider-centered,” he said. “Unless you deal with that issue upfront, then handing out money to doctors and hospitals to buy [information technology systems] isn’t going to get you very far.” Haislmaier’s proposal would have consumers control access to a central repository of their medical information maintained by the government.

The patients could authorize providers and payers to access their entire records or only relevant parts. Each payer and provider would continue to store the health information that is relevant to their treatment of that patient, but they would not have access to the entire record without the patient’s permission.

However, no such system exists. It would have to be built from scratch. The system would also need to include policies to cover emergencies, such as when a patient is unconscious and therefore unable to grant permission to the medical provider who needs access immediately.

State authorities should also be involved in the discussions on health IT investments and medical identity theft, said Jim Pearsol, chief of public health performance at the Association for State and Territorial Health Officials. “I think a collaborative approach will probably be best,” he said.

Data breaches of electronic medical record systems can be doubly dangerous. In addition to the potential theft of Social Security numbers and other information allowing thieves to impersonate people, someone could also alter a patient’s medical history or diagnosis, resulting in incorrect treatments that could be dangerous or fatal. There are also financial and privacy risks.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.