Government told to lead in stopping medical data breaches

Identity theft continues to be a problem for organizations that retain personal information on customers, and a new report suggests the Obama administration’s ambitious health care reform effort could be another area that poses risks.

The report, issued Jan. 15 by the Health and Human Services Department, urges the administration to put safeguards in place as it develops its program. However, the report’s 31 recommendations largely center on evaluating the risk of identity theft, training medical personnel and local law enforcement agencies and evaluating proposed solutions.

Developing the actual measures to prevent or manage data breaches remains up to Congress, the administration and their advisers.

One key safeguard is to let consumers retain ownership of their data, said Edmund Haislmaier, senior research fellow of health policy at the Heritage Foundation.

“From a patient privacy perspective, we have a system open to abuse because it is not patient-centered, it is provider-centered,” he said. “Unless you deal with that issue upfront, then handing out money to doctors and hospitals to buy [information technology systems] isn’t going to get you very far.” Haislmaier’s proposal would have consumers control access to a central repository of their medical information maintained by the government.

The patients could authorize providers and payers to access their entire records or only relevant parts. Each payer and provider would continue to store the health information that is relevant to their treatment of that patient, but they would not have access to the entire record without the patient’s permission.

However, no such system exists. It would have to be built from scratch. The system would also need to include policies to cover emergencies, such as when a patient is unconscious and therefore unable to grant permission to the medical provider who needs access immediately.

State authorities should also be involved in the discussions on health IT investments and medical identity theft, said Jim Pearsol, chief of public health performance at the Association for State and Territorial Health Officials. “I think a collaborative approach will probably be best,” he said.

Data breaches of electronic medical record systems can be doubly dangerous. In addition to the potential theft of Social Security numbers and other information allowing thieves to impersonate people, someone could also alter a patient’s medical history or diagnosis, resulting in incorrect treatments that could be dangerous or fatal. There are also financial and privacy risks.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Shutterstock image: looking for code.

    How DOD embraced bug bounties -- and how your agency can, too

    Hack the Pentagon proved to Defense Department officials that outside hackers can be assets, not adversaries.

  • Shutterstock image: cyber defense.

    Why PPD-41 is evolutionary, not revolutionary

    Government cybersecurity officials say the presidential policy directive codifies cyber incident response protocols but doesn't radically change what's been in practice in recent years.

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group