Under the economic stimulus bill and other U.S. federal government proposals, hospitals and doctors' offices that invest in electronic records systems may receive compensation from part of a $29 billion fund. However, such systems can be vulnerable to security breaches.
Last year health organizations publicly disclosed 97 data breaches, up from 64 in 2007, including lost laptops with patient data on them, misconfigured Web sites that accidentally disclosed confidential information, insider theft, and outside hackers breaking into a network. Because most health-care organizations keep patients' names, Social Security numbers, dates of birth, and payment information such as insurance and credit cards, criminals often target these places for identity theft.
"Healthcare is a treasure trove of personally identifiable information," says Secure Works researcher Don Jackson. The U.S. Federal Trade Commission says medical fraud is involved in about 5% of all identity theft. Smaller practices can become easier targets, as they rarely have a technology professional or security specialists, and often lack a security plan or proper tools. The government plans to release guidelines over the next year, as part of the stimulus bill, to illustrate a secure information system, but critics warn that data encryption and other security functions are worthless if they are not correctly used. "If you take a digital system and implement it in a sloppy way, it doesn't matter how good the system is," says World Privacy Forum executive director Pam Dixon. "You're going to introduce risk."
From The Wall Street Journal
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found