When it comes to protecting the privacy of patients’ computerized information, the main threat the health-care industry faces isn’t from hackers, but from itself.
In a spate of recent security lapses at hospitals, health insurers and the federal government, private information on hundreds of thousands of patients, ranging from Social Security numbers to fertility-treatment and cancer records, has been compromised. The incidents have included the theft of an unencrypted laptop from an employee of the National Institutes of Health and the inadvertent posting of personal data unsecured on the Web from insurers WellCare Health Plans Inc. and WellPoint Inc. At the UCLA Hospital System, several employees were fired or disciplined recently for sneaking peeks at Britney Spears’ computerized medical files.
In another recent incident, a former patient-admissions employee at NewYork-Presbyterian Hospital/Weill Cornell Medical Center was arrested this month for allegedly selling at least 2,000 patient identification records, according to the U.S. Attorney for the Southern District of New York. The employee improperly accessed nearly 50,000 patient records in a computer system storing names, Social Security numbers and addresses, court documents allege. Hospital spokeswoman Myrna Manners says some patients have told the hospital they suspect their information had been “used,” though it wasn’t clear for what purpose or whether identity theft had occurred.