Wednesday, March 20, 2013
The New England Journal Of Medicine Weighs In On Information Security In Health
This appeared a little while ago.
N Engl J Med 2013; 368:977-979 March 14, 2013 DOI: 10.1056/NEJMp1215258
On December 4, 2012, two Australian radio DJs called London's King Edward VII's Hospital, identified themselves, in fake British accents, as Queen Elizabeth and Prince Charles, and asked about a celebrity patient who had been admitted for pregnancy complications. A nurse, filling in at the reception desk in the early morning hours, answered the phone and, without attempting to verify the callers' identities, transferred them to the duty nurse caring for the Duchess of Cambridge. The duty nurse then provided them with confidential patient information.[1] The Australian DJs broadcast the phone call, considering it a humorous prank, but as the world knows, it had disastrous consequences.
How confident are U.S. hospitals, nursing homes, and physicians' offices that their staff would appropriately deny patient information to an unknown caller?
Too often, unauthorized people succeed in extracting protected information from health care providers. Invasion of privacy also affects noncelebrities, when anyone seeks health information the patient has not chosen to share. More often, though, scam artists seek patients' billing information for financial gain. The patient's insurance identifier is then used by an uninsured person to obtain medical services or by a fraudulent health care provider to bill for medical services that were never rendered. Data security breaches and medical identity theft are growing concerns, with thousands of cases reported each year. The Centers for Medicare and Medicaid Services (CMS) tracks nearly 300,000 compromised Medicare-beneficiary numbers.[2] The Office for Civil Rights has received more than 77,000 complaints regarding breaches of health information privacy and completed more than 27,000 investigations, which have resulted in more than 18,000 corrective actions.[3]
The full article and references are found here:
Usefully, they have provided a good summary of privacy and security safeguards. See here:
Additionally, there is a useful set of steps to secure mobile devices.
· Install and enable encryption
· Use a password or other user authentication
· Install and activate wiping, remote disabling, or both to erase data on lost or stolen devices
· Disable and do not install or use file-sharing applications
· Install and enable a firewall to block unauthorized access
· Install and enable security software to protect against malicious applications, viruses, spyware, and malware-based attacks
· Keep security software up to date
· Research mobile applications before downloading
· Maintain physical control of mobile devices
· Use adequate security to send or receive health information over public Wi-Fi networks
· Delete all stored health information on mobile devices before discarding the devices
* Recommended by the Office of the National Coordinator for Health Information Technology.
All in all, a good one for the reference files.
Posted by Dr David More MB PhD FACHI at Wednesday, March 20, 2013