Government told to lead in stopping medical data breaches

Identity theft continues to be a problem for organizations that retain personal information on customers, and a new report suggests the Obama administration’s ambitious health care reform effort could be another area that poses risks.

The report, issued Jan. 15 by the Health and Human Services Department, urges the administration to put safeguards in place as it develops its program. However, the report’s 31 recommendations largely center on evaluating the risk of identity theft, training medical personnel and local law enforcement agencies and evaluating proposed solutions.

Developing the actual measures to prevent or manage data breaches remains up to Congress, the administration and their advisers.

One key safeguard is to let consumers retain ownership of their data, said Edmund Haislmaier, senior research fellow of health policy at the Heritage Foundation.

“From a patient privacy perspective, we have a system open to abuse because it is not patient-centered, it is provider-centered,” he said. “Unless you deal with that issue upfront, then handing out money to doctors and hospitals to buy [information technology systems] isn’t going to get you very far.” Haislmaier’s proposal would have consumers control access to a central repository of their medical information maintained by the government.

The patients could authorize providers and payers to access their entire records or only relevant parts. Each payer and provider would continue to store the health information that is relevant to their treatment of that patient, but they would not have access to the entire record without the patient’s permission.

However, no such system exists. It would have to be built from scratch. The system would also need to include policies to cover emergencies, such as when a patient is unconscious and therefore unable to grant permission to the medical provider who needs access immediately.

State authorities should also be involved in the discussions on health IT investments and medical identity theft, said Jim Pearsol, chief of public health performance at the Association for State and Territorial Health Officials. “I think a collaborative approach will probably be best,” he said.

Data breaches of electronic medical record systems can be doubly dangerous. In addition to the potential theft of Social Security numbers and other information allowing thieves to impersonate people, someone could also alter a patient’s medical history or diagnosis, resulting in incorrect treatments that could be dangerous or fatal. There are also financial and privacy risks.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.