Government told to lead in stopping medical data breaches

Identity theft continues to be a problem for organizations that retain personal information on customers, and a new report suggests the Obama administration’s ambitious health care reform effort could be another area that poses risks.

The report, issued Jan. 15 by the Health and Human Services Department, urges the administration to put safeguards in place as it develops its program. However, the report’s 31 recommendations largely center on evaluating the risk of identity theft, training medical personnel and local law enforcement agencies and evaluating proposed solutions.

Developing the actual measures to prevent or manage data breaches remains up to Congress, the administration and their advisers.

One key safeguard is to let consumers retain ownership of their data, said Edmund Haislmaier, senior research fellow of health policy at the Heritage Foundation.

“From a patient privacy perspective, we have a system open to abuse because it is not patient-centered, it is provider-centered,” he said. “Unless you deal with that issue upfront, then handing out money to doctors and hospitals to buy [information technology systems] isn’t going to get you very far.” Haislmaier’s proposal would have consumers control access to a central repository of their medical information maintained by the government.

The patients could authorize providers and payers to access their entire records or only relevant parts. Each payer and provider would continue to store the health information that is relevant to their treatment of that patient, but they would not have access to the entire record without the patient’s permission.

However, no such system exists. It would have to be built from scratch. The system would also need to include policies to cover emergencies, such as when a patient is unconscious and therefore unable to grant permission to the medical provider who needs access immediately.

State authorities should also be involved in the discussions on health IT investments and medical identity theft, said Jim Pearsol, chief of public health performance at the Association for State and Territorial Health Officials. “I think a collaborative approach will probably be best,” he said.

Data breaches of electronic medical record systems can be doubly dangerous. In addition to the potential theft of Social Security numbers and other information allowing thieves to impersonate people, someone could also alter a patient’s medical history or diagnosis, resulting in incorrect treatments that could be dangerous or fatal. There are also financial and privacy risks.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.